phpwebsite-developers

[Phpwebsite-developers] phpWebSite Sessions

[Steven L. <st...@tu...>]

I had found a bug earlier where sessions where kept if you went from one
site to another on the same domain.  In this section of code here, which
can be found in the core index.php file,  the session is not set unless
one does not exist already.

if (!$_SESSION[$object_name] && class_exists($class_name)) {
    if (is_array($mod_include["mod_sessions"]) && in_array($object_name,
$mod_include["mod_sessions"]))
        $GLOBALS[$object_name] = $_SESSION[$object_name] = new $class_name;
    else
        $GLOBALS[$object_name] = $$object_name = new $class_name;
} else
    $GLOBALS[$object_name] = $_SESSION[$object_name];

I think we need to also check the hash here to see if it is correct.  If
not then reload the session.  What do you guys think?

-- 
Steven Levin
Electronic Student Services
Appalachian State University
Phone: 828.262.2431
PhpWebsite Development Team
URL: http://phpwebsite.appstate.edu
Email: st...@NO...

Re: [Phpwebsite-developers] phpWebSite Sessions

[Matthew M. <ma...@tu...>]

> I had found a bug earlier where sessions where kept if you went from one
> site to another on the same domain.  In this section of code here, which
> can be found in the core index.php file,  the session is not set unless
> one does not exist already.

Correct or I believe it would overwrite the session you want to get data
from.


> I think we need to also check the hash here to see if it is correct.  If
> not then reload the session.  What do you guys think?

That sounds like a plan.

Matthew McNaney
Internet Systems Architect
Electronic Student Services
Email: ma...@tu...
URL: http://phpwebsite.appstate.edu
Phone: 828-262-6493
ICQ: 141057403