losing session

[bluetoother]

i installed new web site on php (4) web serveri noticed that the server is adding variable to every link in the pagesthe variable is :PHPSESSID= (long random number)in the same time every one logged in got treated as guestafter short period of timebecause user who dont have session value will be treated as guests in the web sitehow to prevent the server from losing the SESSION values for the usersis there a need to add code sample from the pages ?

[justsomeguy]

Put this on the top of every page, before session_start:ini_set("session.use_cookies", 1);ini_set("session.use_only_cookies", 1);You can also change those options in php.ini if you don't want to add code on every page.

[bluetoother]

thanks,, actually i cannot change the php.ini file because iam on a hosting serveri noticed another fatal error happens when there is more than one user in the site ,, when one of the online logged-in users add a post for example, the server insert a new record in the data base where i store the posts that contain the post text and the author ID which is the ID for the online user who posted the text, the server insert a record in the database with some other ID for another online usermy web site is new ,, and i tested it alone ,, not with other online users and this failure is killing my web siteiam using a hosting server / php 4 / Apachi 1.3

[justsomeguy]

Sounds like a problem, the user ID in the session isn't getting set to the right thing or the database statement isn't using the right ID. If you're using session cookies you shouldn't have users using the same sessions unless you have a 2-bit session ID or something like that.

[bluetoother]

i discovered that user may got converted to be logged in using some other online user suddenly,,how ?from my computer i logged-in to the web site using my admin account on firefoxand logged-in with normal user account using IEthe normal account suddenly got converted to the admin accountwhen i run any sql command i run it this way:

INSERT INTO posts (post_text,author) VALUES ('$post_text','".$_SESSION['user_id']."')

when any user log-in , user will take 2 session values

$_SESSION['user_id']=$row['user_id'];// user id in the databse$_SESSION['user_group']=$row['user_group'];// user group in the databse

[justsomeguy]

Either you're a l33t hacker and don't know it, or you're not using the session right. Are you doing anything with the user's IP? Are you changing the session values at all after the user is already logged in?

[bluetoother]

iam just storing the user's IP once he log-in in the databaseand the only place that fill session with a value is the login page

[justsomeguy]

You can post your login code if you want, but it's not a normal case that users would just start using someone else's session, it sounds like you're storing the wrong user ID in the session.

[bluetoother]

is $user_id a reserved word ?it seems that word was causing the problemi changed it in all pagesi was using it this way :

$user_id=$_SESSION['user_id'];

[justsomeguy]

$user_id is not a reserved variable name in PHP, chances are there was some other code that was using a variable called $user_id for something else.