October 5th, 2012, 10:14 PM
User login, and see someone else profile
I'm developing a system using Code Ignitor framework.
When a user login to the system, it keeps user profile in session
as general way.
Sometimes users report me that, they can see "someone else
profile", and when change page, it becomes normal, and some times,
they can see someone else profile again. These users use their own
computer and not share to anyone.
This problem is found only some times, but it is really not good.
I cannot specify the cause, because session system in the
framework should be well-design.
I also wonder that for systems those require high-certainty such
as online banking, how do they manage this issue.
Please give me some idea about this problem.
Thanks a very lot,
October 5th, 2012, 11:22 PM
We need a lot more information than this, unfortunately. Start logging session data along with IP, see if the session for an IP changes at random.
HEY! YOU! Read the New User Guide and Forum Rules
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002
Think we're being rude? Maybe you asked a bad question
or you're a Help Vampire.
Trying to argue intelligently? Please read this.