Getting behavior on my live app that seems a lot like session collisions. Can't figure out why
Question
Basically, users are intermittently seeing and overwriting each other's data (obviously, this is REALLY bad). I've tried to recreate the behavior on my testing site to no avail. On the testing site, accounts stubbornly display only their own data.
This is a low traffic application. It currently has under 200 user accounts.
I'm happy to post my code, but I'm not even sure which code to post.
Things I've thought of which could cause this behavior:
Multiple users accidentally being assigned redundant uids in the database.
Nope. Database key constraints forbid this, as they should.
Session id collisions.
I doubt it. The session ids are being set by PHP, I did't mess with that, so they're big long MD5 hashes like they're supposed to be.
Session collisions in the database.
Our Sessions table in the database has five columns: sessionkey, uid, serieskey, expiration and ipaddress. Sessions are being created and destroyed as they should be as users log in and out. I've been watching it real time and it works fine.
And yet, on our test site, I can't reproduce the behavior. Even with several accounts logged in at once from different ip addresses. But the users are definitely reporting it on the live site and I can see the results of users overwriting each other's data in my database. I'm at a loss as to why this might be happening. Knowing you can't see my entire gigantic code base (it took me and two others a year to write this) where would you start looking next?
1 answers
solution1
0 2015-01-27 21:05:34
The problem was in the way we were doing cookie generation. It was a part of the code I'd never worked on. When I managed to corner the guy who wrote that part, he knew exactly why it was happening and fixed it in under a minute.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.