Overlapping of Users Accounts in a PHP/MySql site

Users report they see somebody else's info

         

sjariri

11:09 am on May 31, 2004 (gmt 0)

10+ Year Member



Dear Group Readers,

A website written in PHP/MySql uses cookies for users' login. Sometimes users report that they view somebody else's account info when they log in to their account. Do you have any idea why it may happen?

I thought this would be because of a caching problem at users' ISPs and tried all the No-Cache META approaches, like putting another header at the end (http://www.htmlgoodies.com/beyond/nocache.html), but the complaints didn't stop.

FYI here is the cookie setting part:
setcookie("[COOKIENAME]", $cookie_val, 0, "/");

and in all other pages it reads the username from database and goes on:
SELECT * FROM [USERS] WHERE UserName='$cookieuser'

Really appreciate your help,
-sjariri

carneddau

11:03 pm on May 31, 2004 (gmt 0)

10+ Year Member



What value are you storing in the cookie and how is your script using it to look up the user's details? Sounds like your problem might be in this part of your code.

sjariri

5:04 am on Jun 1, 2004 (gmt 0)

10+ Year Member



Thanks for your reply, we store the "username" as cookie value and retrieve it each time a user wants to enter a page.

carneddau

11:47 am on Jun 1, 2004 (gmt 0)

10+ Year Member



Probably a stupid question but do you make sure that user names are unique?

If user names are unique, have a good look at how your script is looking up the user name in the database. Without more information I can't really make any more assumptions about what's going on.

sjariri

12:04 pm on Jun 1, 2004 (gmt 0)

10+ Year Member



Thanks for your reply again, yes usernames are unique.

By the way, can the problem persist because we are using client-side cookies instead of server-side "Session" functions?

jatar_k

3:52 pm on Jun 1, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld sjariri,

Somewhere your data is getting corrupted, obviously. Is username the only reference you use to identify each user?

Do the usernames in the db have a unique id of some kind?

Maybe when they log in you could check the username and then store the user_id in the cookie instead of the username.

Have you checked your select queries that use the username to see if they are getting confused?

Are they using LIKE?

ergophobe

6:09 pm on Jun 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



A couple more things to check...

Does your server have "register_globals" on? Perhaps you are overwriting variables.

Alternatively, do you have multiple vars that end up with the same name because you have POST and GET vars with the same name and you are accessing them with $_REQUEST? That could have a similar effect as having register_globals on.
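
An added example, not code from any poster in this thread, pulling the suggestions above together: the account is identified by a numeric id kept in server-side session state instead of a username read back from a cookie, lookups are exact-match prepared statements, and nothing is taken from $_REQUEST. The `users` table layout, the function names `log_in` and `current_user`, and the two sample accounts are assumptions constructed for the demo, which uses an in-memory SQLite database through PDO so it runs from the command line.

```php
<?php
declare(strict_types=1);

// Constructed sample data (in-memory SQLite, needs pdo_sqlite) so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT)]);
$ins->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT)]);

// Verify credentials once, then keep only the numeric id in server-side session state.
function log_in(PDO $pdo, string $username, string $password): bool
{
    $q = $pdo->prepare('SELECT id, pw_hash FROM users WHERE username = ?'); // exact match, not LIKE
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// Every page resolves the account from $_SESSION only, never from $_COOKIE, $_GET,
// $_POST or $_REQUEST, so no browser-supplied value can select which row is shown.
function current_user(PDO $pdo): ?array
{
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    $q = $pdo->prepare('SELECT id, username FROM users WHERE id = ?');
    $q->execute([$_SESSION['user_id']]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

session_start();
header('Cache-Control: private, no-store'); // keep shared caches from storing account pages
$_COOKIE['user'] = 'bob';                   // constructed client-side value; never consulted

$failed = log_in($pdo, 'alice', 'wrong-pass');
$anon   = current_user($pdo);               // still nobody: the failed login set nothing
$ok     = log_in($pdo, 'alice', 'alice-pass');
$me     = current_user($pdo);               // row for alice, whatever the cookie says
var_dump($failed, $anon, $ok, $me);
```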