Session_ID Problem

Im not sure how session data can be passed from one computer to an other, Session are cookie based per computer an unless you are sharing computers there shouldn’t be an issue.

That being said you can disable session from the setting menu if it does not meet your sites requirements. It is not critical that session run with mdocs.

In the memphis-documents.php file on line 30 you hard coded a MDOCS_SESSION_ID to a static value. Then in the mdocs-functions.php you assignthe php variable “session_id” to the MDOCS_SESSION_ID.

On our website one of the issues it’s caused is that we have a session based shopping cart that stores data in a table with the PHP session_id as one of the identifiers. When everyone is sharing the same session_id then everyone sees the exact same contents of the cart.

• This reply was modified 7 years, 10 months ago by dfreeman33. Reason: spelling

Did you try to disable session from the setting menu? Goto Options > Setting > Disable Sessions this should to mdocs from creating session.

I guess my question is: Is there a reason you’re hard coding a static MDOCS_SESSION_ID instead of using a randomly generated?

I did disable sessions and that seems to have stopped the problem.

My idea was to create a unique session specially for mdocs. I’m taking a look at my code right now I may have to end up just restoring the old way of doing things if it is causing issue.

Thanks for the quick responses!

if you want the old code is still in the session function you could comment out the new code and uncomment out the old code to go back to how it was before version 3.6.21

The file is mdocs-functions.php and the function is mdocs_nonce():

if(get_option('mdocs-disable-sessions') == false) {
		session_id(MDOCS_SESSION_ID);
		session_start();
		if(isset($_SESSION['mdocs-nonce'])) define('MDOCS_NONCE',$_SESSION['mdocs-nonce']);
		if(!isset($_SESSION['mdocs-nonce']) || isset($_REQUEST['mdocs-nonce'])) $_SESSION['mdocs-nonce'] = md5(rand(0,1000000));
		session_write_close();
	} else {
		define('MDOCS_NONCE', md5(rand(0,1000000)));
		$_SESSION['mdocs-nonce'] = null;
	}
	/*
	if(!session_id()) {
		session_start();
		//session_start([ 'mdocs-nonce' => md5(rand(0,1000000))]);
	}
	if(get_option('mdocs-disable-sessions') == false) {
		if(isset($_SESSION['mdocs-nonce'])) define('MDOCS_NONCE',$_SESSION['mdocs-nonce']);
		if(!isset($_SESSION['mdocs-nonce']) || isset($_REQUEST['mdocs-nonce'])) $_SESSION['mdocs-nonce'] = md5(rand(0,1000000));
	} else {
		define('MDOCS_NONCE', md5(rand(0,1000000)));
		$_SESSION['mdocs-nonce'] = null;
	}
	*/

• This reply was modified 7 years, 10 months ago by bhaldie.

I’m going to run it as is for now and just leave the sessions disabled in the settings to see how things run. Unless you think that’s a bad idea…

You should be fine. The only reason session are using in mdocs is for admin functionality.

It only allows one button press for upload/delete/edit. Basically it doesn’t allow admins to spam the upload button over and over again.