Login   Register  
PHP Classes
elePHPant
Icontem

IE generates multiple sessions

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      Secure Session  >  All threads  >  IE generates multiple sessions  >  (Un) Subscribe thread alerts  
Subject:IE generates multiple sessions
Summary:Using this code on my site and I have a "users online" feature..
Messages:5
Author:Tom T
Date:2007-11-29 13:43:06
Update:2007-12-01 17:26:22
 

  1. IE generates multiple sessions   Reply  
Picture of Tom T
Tom T
2007-11-29 13:43:06
And if I set $ss->regenerate_id = true; in my session handler that updates a table with session ids, in IE, it will generate 10-20 session records per refresh. Does not do this in any other browser (Firefox, Safari, etc., etc.) and it's inflating my users online count. If I change $ss->regenerate_id = false then the problem goes away but not regenerating the session id kind of defeats the purpose right?

Any ideas?

  2. Re: IE generates multiple sessions   Reply  
Picture of Vagharshak Tozalakyan
Vagharshak Tozalakyan
2007-12-01 12:47:51 - In reply to message 1 from Tom T
Hello. I've just checked the class with IE6 and IE7 and it works as supposed here. Did you check from another computer?


  3. Re: IE generates multiple sessions   Reply  
Picture of Tom T
Tom T
2007-12-01 15:02:48 - In reply to message 2 from Vagharshak Tozalakyan
Yes, I've tried it from different computers and different users using IE trigger this bug.

Here's the session handler code I'm using, maybe something will stick out if I post that.

<?php
ini_set('display_errors', E_ALL);

session_set_cookie_params(3600);
session_start();

$ipaddress = $_SERVER['REMOTE_ADDR'];

if (isset($_SESSION['userid']))
{
$previous_session_id = session_id();

if (strpos($_SERVER["SCRIPT_NAME"], "/scripts/") > 0 || strpos($_SERVER["SCRIPT_NAME"], "/pop/") > 0)
{ require_once '../library/securesession.class.php'; }
else
{ require_once 'securesession.class.php'; }

$ss = new SecureSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = 'SALT_';
$ss->regenerate_id = true;
if (!$ss->Check() || !isset($_SESSION['loggedin']) || !$_SESSION['loggedin'])
{
if (strpos($_SERVER["SCRIPT_NAME"], "/scripts/") > 0 || strpos($_SERVER["SCRIPT_NAME"], "/pop/") > 0)
{
header('Location: ../index.php');
die();
}
else
{
header('Location: index.php');
die();
}
}

$sql = "UPDATE sessions ";
$sql .= "SET sessionid = \"" . session_id() . "\", ";
$sql .= "sessiondatetime = now() ";
$sql .= "WHERE sessionid = \"" . $previous_session_id . "\"";
mysql_select_db($mysql);
mysql_query($sql);

setcookie('loggedin_at', time(), time() + 3602, '/');
}


//first check to see if sessionid exists
$sql = "SELECT * ";
$sql .= "FROM sessions ";
$sql .= "WHERE sessionid = \"" . session_id() . "\"";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);

//remove records inactive for five minutes or more
$sqldelete = "DELETE FROM sessions ";
$sqldelete .= "WHERE TIMESTAMPDIFF(SECOND, sessiondatetime, now()) > 300";
if (mysql_numrows($recordset) > 0)
{
$sql = "UPDATE sessions ";
$sql .= "SET sessiondatetime = now() ";
$sql .= "WHERE sessionid = \"" . session_id() . "\"";
}
else
{
$sql = "INSERT INTO sessions ";
$sql .= "SELECT \"" . session_id() . "\", ";
if (isset($_SESSION['userid']))
{ $userid = $_SESSION["userid"]; }
else
{ $userid = 0; }
$sql .= $userid . ", ";
$sql .= "\"" . $ipaddress . "\", ";
$sql .= "now()";
}
mysql_select_db($mysql);
mysql_query("BEGIN");
mysql_query($sqldelete);
mysql_query($sql);
mysql_query("COMMIT");
?>

  4. Re: IE generates multiple sessions   Reply  
Picture of Vagharshak Tozalakyan
Vagharshak Tozalakyan
2007-12-01 16:55:45 - In reply to message 3 from Tom T
You may try the following:

1. Download the sample at "http://tozalakyan.com/db_sess_test.zip".
2. Install "schema.sql" and edit "includes/db_params.inc.php".
3. Run in IE and check the session records in db.
3. Run in Firefox and check the session records in db.
4. Set "$ss->regenerateId = true;" in "includes.init.inc.php" and check again.

This script should be acting the same way for each browser.

  5. Re: IE generates multiple sessions   Reply  
Picture of Tom T
Tom T
2007-12-01 17:26:22 - In reply to message 4 from Vagharshak Tozalakyan
I downloaded and installed the sample and when I set regenerate = true, the code generates a new record in the session table for each refresh/page load not just in IE, but in Safari (Mozilla) as well now.

The fingerprints are the same but the sessionids are different.

Strange.

Thanks for your help by the way, I really appreciate it.