I'm developing a system using Code Ignitor framework.
When a user login to the system, it keeps user profile in session as general way.
Sometimes users report me that, they can see "someone else profile", and when change page, it becomes normal, and some times,
they can see someone else profile again. These users use their own computer and not share to anyone.
This problem is found only some times, but it is really not good.
I cannot specify the cause, because session system in the framework should be well-design.
I also wonder that for systems those require high-certainty such as online banking, how do they manage this issue.
Please give me some idea about this problem.
Thanks a very lot,
Are you using the login provisions of code igniter or did you roll your own? Could it be a cache that is not clearing until a flush routine runs after login rather than upon $_SESSION timeout or logout?
This topic is now closed. New replies are no longer allowed.