I have an issue where some of my pages take an extended period to load due to communications with various external APIs. I noticed that when I change to a different page or reload the current page before it has finished loading, it seems to drop my session and logs me out.
For example, if loading page about.php and then I click a link to load profile.php before about.php has loaded fully, it logs me out and drops me back at the login screen.
I don't know what to search for this but have not been able to find any information on similar problems. Can anyone shed light on what would be causing this?
Top of each page:
sec_session_start();
if(login_check($dp_conn) == false)
{
header("location:../login.php?error=1");
}
sec_session_start() function:
function sec_session_start()
{
$session_name = 'sec_session_id'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(); // regenerated the session, delete the old one.
}
login_check() function:
function login_check($db)
{
// Check if all session variables are set
if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string']))
{
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
$query = "SELECT password FROM users WHERE id = " . $user_id . " LIMIT 1";
$result = mysql_query($query, $db);
if (mysql_num_rows($result) == 1)
{
// If the user exists
$row = mysql_fetch_row($result);
$password = $row[0];
$login_check = hash('sha512', $password.$user_browser);
if($login_check == $login_string)
{
// Logged In!!!!
return true;
}
else
{
// Not logged in
return false;
}
}
else
{
// Not logged in
return false;
}
}
else
{
// Not logged in
return false;
}
}