October 5th, 2012, 09:14 PM
Join Date: Oct 2012
Time spent in forums: 2 m 39 sec
Reputation Power: 0
PHP-Security - User login, and see someone else profile
I'm developing a system using Code Ignitor framework.
When a user login to the system, it keeps user profile in session
as general way.
Sometimes users report me that, they can see "someone else
profile", and when change page, it becomes normal, and some times,
they can see someone else profile again. These users use their own
computer and not share to anyone.
This problem is found only some times, but it is really not good.
I cannot specify the cause, because session system in the
framework should be well-design.
I also wonder that for systems those require high-certainty such
as online banking, how do they manage this issue.
Please give me some idea about this problem.
Thanks a very lot,