Dear All

We are testing a multi-user quiz system with PHP session management.
Everything has been fine until we tested the system with about 12 users...

Each user gets an individual instantiation of some questions and they
type in some answers and submit them for marking.  To remember the
question instantiations across script invocations we store them in a
$_SESSION variable (nb. I don't use session_register or similar, I just set 
$_SESSION['var'] directly). Upon submission we log the questions, the correct
answers (all from the $_SESSION variable), and the user answers (from $_POST) 
in a database for marking later.  Everything seemed to work fine, except...

One user is absolutely sure that the question instantiations logged
in the database are NOT the ones he saw on his browser! I've reviewed 
the code paths and I am also sure (!) that the questions cannot be 
re-instantiated across script invocations. So that leaves me looking for 
another reason. Could the session management in PHP have gotten confused and 
he got someone elses SESSION variable??

Is this possible ? Or am I being naive and should look harder at my code?

Setup is:

RedHat 7.3
Apache 1.3.26
PHP 4.2.2
MySQL 3.23.52

Win2000 Professional  5.00 SP2
Internet Explorer 6.0.2600

Any tips gratefully received!



Ian Thurlbeck      
Statistics and Modelling Science, University of Strathclyde
Livingstone Tower, 26 Richmond Street, Glasgow, UK,  G1 1XH
Tel: +44 (0)141 548 3667           Fax: +44 (0)141 552 2079

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to