
[RESOLVED] Session ID conflict

I have a system where the member can log in and edit their profile or download articles relevant to their area. These two links are on the index page. Editing the profile grabs the ID from the logged in session and pulls up the member's details from the “MEMBERS” table (username and password also reside there). On the downloads page I have a table containing all the downloadable articles. This page uses a table called “FILES”. This table has its own ID field.

My problem comes in when you download an article. Once you’ve done that (that works fine, by the way), and return to the index page, the “Edit Profile” link adopts the ID of the downloaded file on the downloads. I think it’s because on the downloads page there is an “isset” script for the ID. So it brings that ID back to the index page. How do I prevent that? How do I get it that even after a file is downloaded, returning to the index page has the “Edit Profile” link referring to the logged in session and not the ID that was set on the downloads page. I’ve tried “unset(&_REQUEST[‘id’])” – excuse the syntax, it’s just an example – but that didn’t work either.

Can anyone help?

Thanks,
Karen

@aj_nsc, Apr 13.2007 — I'm not exactly sure how your system is working, you may need to provide us with code.

When you say the script grabs the id from the logged in session, do you mean the sessionid? How would a session id correspond to a specific user (therefore I am assuming you do not mean the session id)?
@JS_Freak (author), Apr 13.2007 — I do mean the Session ID. Here's the code. Can you figure something out with it? It's quite long but both pages are laid out below. I hope it can help to clarify.


Karen


===Index Page===
[CODE]<?php
// includes
include("../includes/conn.inc.php");
include("../includes/user.inc.php");
include("../includes/error_report.inc.php");

// authorizing
$user = new user($db, "members");
$user->authorize("../member_login.php", array("member"));
?>
<?php
$sql2 = "SELECT * FROM members WHERE id = '". $_SESSION["id"] ."'";
$sql2 = mysql_query($sql2);
$result2 = mysql_fetch_assoc($sql2);


?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

</head>

<body>
<table width="778" border="0" align="center" cellpadding="0" cellspacing="0" class="admin">
<td height="335" valign="top" bgcolor="#FFFFFF"><br>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>&nbsp;&nbsp;&nbsp;<a href="javascript:history.go(-1)" class="links"><u>Back</u></a><span class="links"> | </span><a href="../index.php" class="links"><u>Public</u></a> <span class="links">|</span> <span class="links">Members Home</span></td>
<td align="right"><span class="links">Logged In As:</span>&nbsp;
<span class="links">
<?= ucwords($_SESSION["username"]); ?>
-
<?= ucwords($_SESSION["authorization"]); ?>
</span> <span class="links"> | </span><a href="logout.php" class="links"><u>Logout</u></a>&nbsp;&nbsp;&nbsp;</td>
</tr>
</table>
<br>
<table border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="76" height="236">&nbsp;</td>
<td width="567" valign="top"><table width="552" border="0" cellpadding="0" cellspacing="0" background="../images/admin_blocks.jpg" bgcolor="#FFFFFF">
<!--DWLayoutTable-->
<tr>
<td width="6" rowspan="5" valign="top" bgcolor="#FFFFFF"><!--DWLayoutEmptyCell-->&nbsp;</td>
<td height="19" colspan="2" valign="top" bgcolor="#FFFFFF"><!--DWLayoutEmptyCell-->&nbsp;</td>
</tr>
<tr>
<td width="7" height="58"></td>
<td width="539" valign="top" bgcolor="#FFFFFF"><p class="style1"><a href="../admin/list.php" class="body-text-no problem"></a><span class="body-text-no problem"><a href="profile_update.php?id=<?= $result2['id']; ?>">Edit your profile</a> <a href="profile_update.php?id=<?= $result2['id']; ?>" class="style1"><img src="../images/icon_update.gif" width="16" height="16" border="0"></a></span></p>
<p class="style1"><br>
<br>
</p></td>
</tr>
<tr>
<td height="12"></td>
<td></td>
</tr>
<tr>
<td valign="top" bgcolor="#FFFFFF"><!--DWLayoutEmptyCell-->&nbsp;</td>
<td height="12" colspan="2" bgcolor="#043762" class="body-text-no problem"><span class="style2"><strong>&nbsp;&nbsp;Things relevant to your area </strong></span></td>
</tr>
<tr>
<td valign="top" bgcolor="#FFFFFF"><!--DWLayoutEmptyCell-->&nbsp;</td>
<td height="12" bgcolor="#FFFFFF" class="body-text-no problem"></td>
<td height="12" bgcolor="#FFFFFF" class="body-text-no problem"></td>
</tr>
<tr>
<td valign="top" bgcolor="#FFFFFF"><!--DWLayoutEmptyCell-->&nbsp;</td>
<td height="12" bgcolor="#FFFFFF" class="body-text-no problem"></td>
<td height="12" bgcolor="#FFFFFF" class="body-text-no problem"><a href="downloads.php?area=<?= $result2['area']; ?>">Articles</a></td>
</tr>




</table></td>
</tr>
</table> <p>&nbsp;</p></td>
</tr>
</table>
</body>
</html>
[/CODE]



===Downloads Page===
[CODE]<?php
// includes
include("../includes/conn.inc.php");
include("../includes/user.inc.php");
include("../includes/validate.inc.php");
include("../includes/error_report.inc.php");

// authorizing
$user = new user($db, "members");
$user->authorize("../members_login.php", array("member"));
?>
<?php

if(isset($_GET['id'])) {

// if id is set then get the file with the id from database

// cast to an integer so the request value cannot change the SQL statement
$id = (int) $_GET['id'];

$query = "SELECT name, type, size, content " . "FROM files WHERE id = '$id'";
$result = mysql_query($query) or die('Error, query failed');

list($name, $type, $size, $content) = mysql_fetch_array($result);

header("Content-length: $size");
header("Content-type: $type");
header("Content-Disposition: attachment; filename=$name");

echo $content;


exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

</head>

<body>
<table width="778" border="0" align="center" cellpadding="0" cellspacing="0" class="admin">
<!--DWLayoutTable-->
<tr>
<td height="371" valign="top" bgcolor="#FFFFFF">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>&nbsp;&nbsp;&nbsp;<a href="javascript:history.go(-1)" class="links"><u>Back</u></a> <span class="links">|</span> <a href="../index.php" class="links"><u>Public</u></a><span class="links"> |</span> <a href="index.php" class="links"><u>Members Home</u></a> <span class="links">&gt;&gt; Articles</span></td>
<td align="right"><span class="links">Logged In As:&nbsp;
<?= ucwords($_SESSION["username"]); ?>
-
<?= ucwords($_SESSION["authorization"]); ?>
| </span><a href="logout.php" class="links"><u>Logout</u></a>&nbsp;&nbsp;&nbsp;</td>
</tr>
</table>
<p><span class="body-text">Here you will find all the articles relevant to your area.</span></p>
<p>&nbsp;</p>
<table width="666" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="666"><table width="664" height="120" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td height="24" colspan="8" align="right" valign="top" class="db_list_text"><!--DWLayoutEmptyCell-->&nbsp;</td>
</tr>
<?php

//$sql_prop = "SELECT area FROM $db.members WHERE area = ".$_REQUEST["area"];
//$result_prop = mysql_query($sql_prop);
//$rs_prop = mysql_fetch_array($result_prop);


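// escape the request value before it is placed inside the quoted SQL string
$query = "SELECT id, name, description, area_files FROM files WHERE area_files = '" . mysql_real_escape_string($_REQUEST['area']) . "'";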
$result = mysql_query($query) or die('Error, query failed');
if(mysql_num_rows($result) == 0)
{
echo "Database is empty <br>";
}
else
{

while(list($id, $name, $description, $area_files) = mysql_fetch_row($result)) {
?>
<tr <?php if (is_int($i/2)) print 'bgcolor="#C6E4FD"'; ?>>
<td height="27" class="body-text-no problem" style="padding-left:5px; padding-right:2px;"><img src="../images/icon_update.gif" width="16" height="16"></td>
<td class="db_list_text" style="padding-left:5px; padding-right:2px;"><?= $name;?>
&nbsp;</td>
<td class="db_list_text" style="padding-left:5px; padding-right:2px;"><!--DWLayoutEmptyCell-->&nbsp;</td>
<td class="db_list_text" style="padding-left:5px; padding-right:2px;">
<?= $description;?></td>
<td class="db_list_text" style="padding-left:5px; padding-right:2px;"><!--DWLayoutEmptyCell-->&nbsp;</td>
<td class="db_list_text" style="padding-left:5px; padding-right:2px;"><a href="downloads.php?id=<?= $id; ?>">Click Here</a></td>
<td class="db_list_text" style="padding-left:5px; padding-right:2px;"><!--DWLayoutEmptyCell-->&nbsp;</td>
<td class="db_list_text"><span class="db_list_text" style="padding-left:5px; padding-right:2px;">
<?= $area_files;?>
</span></td>
</tr>
<?php $i++; } ?>
<tr align="right">
<td height="24" colspan="8" valign="top" class="db_list_text"><!--DWLayoutEmptyCell-->&nbsp;</td>
</tr>
<tr>
<td height="24" colspan="8" valign="top"> </tr>
</table></td>
</tr>
</table>
</td>
<?php } ?></td>
</tr>
</table>
</body>
</html>
[/CODE]
@JS_Freak (author), Apr 17.2007 — I actually figured this one out. Both pages (index.php and downloads.php) refer to the field called ID. I thought that it might be clashing because they both refer to the same field name. So on the downloads page I changed all the references of ID to ID2 and in phpMyAdmin I also changed the field name of the FILES table to ID2. It works 100%. ID now keeps the session ID stored while ID2 doesn't interfere and re-assign the variable.
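
Added example, not code from the thread: the symptom and the rename fix are consistent with PHP's old `register_globals` setting, under which the global `$id` and `$_SESSION['id']` share one value, so the download loop's `list($id, ...)` overwrites the member ID (that the setting was enabled on this server is an assumption). The sketch keeps the member ID in session data only, validates the file ID into its own variable, and binds it in a prepared statement with an area check; `demo_db`, `fetch_file_for_member`, `download_headers`, the SQLite schema and all sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for the thread's FILES table.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, name TEXT, type TEXT, content BLOB, area_files TEXT)');
    $pdo->exec("INSERT INTO files VALUES (7, 'north report.pdf', 'application/pdf', 'PDFDATA', 'north'),
                                         (8, 'south.pdf', 'application/pdf', 'PDFDATA', 'south')");
    return $pdo;
}

// Hypothetical helper: returns the file row only if it belongs to the member's area.
// $member is read from $_SESSION (set at login), never from $_GET/$_REQUEST or a bare global.
function fetch_file_for_member(PDO $pdo, array $member, $rawFileId): ?array {
    // Validate the request value and keep it in its own variable, not $id.
    $fileId = filter_var($rawFileId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($fileId === false) {
        return null;
    }
    // Prepared statement: values are bound, not concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT name, type, content FROM files WHERE id = :fid AND area_files = :area');
    $stmt->execute([':fid' => $fileId, ':area' => $member['area']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Build the response headers; the stored name is reduced to a conservative
// character set so it cannot break the quoting or add header parameters.
function download_headers(array $file): array {
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $file['name']);
    return [
        'Content-Type: ' . $file['type'],
        'Content-Length: ' . strlen($file['content']),
        'Content-Disposition: attachment; filename="' . $safeName . '"',
    ];
}

$pdo = demo_db();
$member = ['id' => 42, 'area' => 'north'];   // constructed stand-in for $_SESSION after login

foreach (['7', '8', "7' OR '1'='1", 'abc'] as $requested) {   // constructed request values
    $file = fetch_file_for_member($pdo, $member, $requested);
    echo str_pad($requested, 14), ' => ', $file ? implode(' | ', download_headers($file)) : 'denied', "\n";
}
echo 'member id still ', $member['id'], "\n";
```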