John
Member
Registered: 30th Jun 03
User status: Offline
|
I'm not sure if it would really, ISA breaks other random stuff though, they probably won't be using it.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Does anyone know if the session ID is stored in a cookie? I can never replicate this issue, so I'm wondering if it is and their browsers are scrubbing this cookie.
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
PHPSESSIONID is the name of the cookie, and it stores the session ID which by default is some kind of hash value.
Regarding the security of storing details in a cookie: I store the username as plain text and then an MD5 of some values about the user from the database as a password. The idea is, even if you did manage to crack the MD5 of the password cookie, it's not going to help you as you won't get the password...
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Cheers Ed!
To be honest I'm thinking of re-writing the lot for cookies, I can't see any of the information I'm storing being classed as sensitive apart from the full name and username perhaps.
The only thing I can think of is that they have some security setting on IE that's scrubbing the session cookie, so I'm now testing security levels in IE to see if it's one of those that's causing it. But I think this is just clutching at straws.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
I've narrowed it down to something destroying the session, no idea what though....
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Have you got any Ajax or iframe stuff going on? I've had issues with Ajax destroying session values because I forgot to put session_start() in there. Was very frustrating!
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
No Ajax, no frames. All PHP pages have a session_start() - I call a main include file in every script and it's the 2nd thing I call, after ob_start() - using buffers. This wasn't working before I implemented the buffers, so it's not that.
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
I'm out of ideas then
Can you replicate the problem on your own machine?
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Can now, no idea how I've managed to get it replicating the issue though. It seems to be destroying the session after 25/30mins, which is roughly the default setting. I've switched the garbage collection off for the time being to see if that helps matters, although it shouldn't considering the session timeout is set to 4hrs.
What I'm now thinking is that it's an issue with the hosting (Tsohost clustered hosting) and some other timeout is occurring. But now pushing for the client to get a dedicated box so we have complete control over what's happening.
Knowing my luck though it's something simple
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Having just got a Webfusion VPS myself, I can safely say that shared hosting is a pain in the arse in comparison!
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
What's the deal with the unmetered bandwidth on Webfusion VPS boxes? Is it true unlimited or do they have a Fair Usage Policy? I'm guessing Webfusion servers are all UK based?
Currently looking at Tsohosts or a dedicated box with Vooservers, but they are a little more expensive.
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
I'm not too sure, I'd say they'd have a fair use policy but I don't think we're going to have enough traffic to cause issue. They're based in Uxbridge...
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Might have to look into a Webfusion VPS.
Managed to solve this whole issue... by using cookies. You set the expire and they just work, 'mazing
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
Easy hey
|
xa0s
Banned
Registered: 4th Mar 08
Location: Dartford, Kent Car: Turbo'd Fabia vRS
User status: Offline
|
ob_start() caused a session issue with me before... Try removing it!
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote: Originally posted by xa0s
ob_start() caused a session issue with me before... Try removing it!
I did think that and tried it, but buffering was a recent addition and it was still doing it prior to that. Either way, cookies have sorted it and they actually work, albeit slightly less secure. Hopefully I'll get this live over the weekend and the client will stop frothing at the mouth and pay me
|
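Added example, not part of any post in the thread: one way to make the cookie approach the thread settles on tamper-evident is to sign the cookie value with a server-side HMAC key and to enforce the expiry on the server as well as in the browser. The cookie name, key, lifetime and function names are assumptions.

```php
<?php
// Added example; cookie name, TTL and key below are assumptions, not values from the thread.
const AUTH_COOKIE = 'auth';        // hypothetical cookie name
const AUTH_TTL    = 4 * 3600;      // 4 hours, the timeout mentioned in the thread

// Build "base64(username).expiry.hmac". The payload is readable by the client,
// so it carries nothing secret; the HMAC only makes it tamper-evident.
function make_token(string $username, int $expires, string $key): string
{
    $payload = base64_encode($username) . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the username if the token is authentic and unexpired, otherwise null.
function verify_token(string $token, int $now, string $key): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user64 . '.' . $expires, $key);
    if (!hash_equals($expected, $mac)) {          // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;                               // expiry enforced server-side
    }
    $username = base64_decode($user64, true);
    return $username === false ? null : $username;
}

// Constructed demo values.
$key   = 'constructed-demo-key-use-random_bytes-in-production';
$now   = time();
$token = make_token('dom', $now + AUTH_TTL, $key);

if (PHP_SAPI !== 'cli') {
    // Web context: send the cookie with the same expiry as the signed payload.
    setcookie(AUTH_COOKIE, $token, ['expires' => $now + AUTH_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

$forged = make_token('ed', $now + AUTH_TTL, 'wrong-key');
var_dump(verify_token($token, $now, $key));                 // authentic token
var_dump(verify_token($forged, $now, $key));                // signed with another key
var_dump(verify_token($token, $now + AUTH_TTL + 1, $key));  // past its expiry
```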