CodeIgniter Forums
how to avoid page caching on authentication? And CI session or PHP's $_SESSION ? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: how to avoid page caching on authentication? And CI session or PHP's $_SESSION ? (/thread-19818.html)



how to avoid page caching on authentication? And CI session or PHP's $_SESSION ? - El Forum - 06-19-2009

[eluser]moonbeetle[/eluser]
I ran into a problem and I suspect an internal web server serving cached pages to be the root of all evil.

When user "Bob" logs in, he gets a greeting "Welcome Bob!".
When user "Jane" logs in a few minutes later, she gets a greeting "Welcome Bob!".
Both Bob and Jane work at the same company (where Internet access is likely to be monitored), though their login credentials are different.

CI session is used (the session ID is stored in the cookie, the rest of the session data in the database). Apart from my particular problem which might not have anything to do with CI, I was wondering if replacing CI sessions with PHP's $_SESSION[] might be an improvement?


how to avoid page caching on authentication? And CI session or PHP's $_SESSION ? - El Forum - 06-25-2009

[eluser]Michael Wales[/eluser]
The first step in troubleshooting this would be to log a timestamp, user's IP address and their session ID. Then you will be able to confirm whether CI is issuing a unique certificate to each of these users or they are both using the same session. This "shouldn't" happen, since some info is stored in a cookie on the user's machine - but I have ran into scenarios where this did occur.

Have two users from the company access your application and look to see if you are getting log entries for each of them, if not - enterprise caching is the culprit.