Hi Guys. I am having a serious issue with Sessions. I think the issue must be Server side because the code works.
I know the code works because clients can log into their individual accounts and see only their own data.
However, every once in a while, they start seeing someone elses data! It is like the session expired but it did not kick them out to the log in page like it is supposed to.
So to fix this, I made it so the session would not expire be setting the session.gc_maxlifetime to "0". But now they are being kicked out every 5 minutes.../ heavy sigh.
Here are my session setting for PHP..
session.auto_start
Off
Off
session.bug_compat_42
Off
Off
session.bug_compat_warn
On
On
session.cache_expire
180
180
session.cache_limiter
nocache
nocache
session.cookie_domain
no value
no value
session.cookie_lifetime
session.cookie_path
/
/
session.cookie_secure
Off
Off
session.entropy_file
no value
no value
session.entropy_length
session.gc_divisor
1000
1000
session.gc_maxlifetime
session.gc_probability
1
1
session.hash_bits_per_character
5
5
session.hash_function
session.name
PHPSESSID
PHPSESSID
session.referer_check
no value
no value
session.save_handler
files
files
session.serialize_handler
php
php
session.use_cookies
On
On
session.use_only_cookies
Off
Off
session.use_trans_sid
And here is my session code which is run on Every page.
class session{
function checkSession($sessionName, $errorRedirect){
session_start();
if (!isset($_SESSION[$sessionName])){
header("Location: ".$errorRedirect."?msg=Session Has Expired or Was Not Started");
}else{
header("Cache-Control: no-cache, must re-validate");
header("Pragma: no-cache");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
}//end if
}//end function checkSession
}//end class Session
Is there something I am doing wrong here?
Thank you for any input.
