php CURL - multiple independent sessions - need help!

[gotts]

Here is my dilemma...

I basically have a script which by means of CURL posts to a 3rd party website to perform a login and then makes another post to update a users details based on that login session. Now as my site is getting busy I have multiple users doing the same thing and it seems that on occasion curl is getting confused and updating one users details with a different users information. This is causing real problems.

It seems to be that the cookie which is being used by a user after one login is being shared by other users and they end up logging in with the same cookie - confusing the 3rd party system. My code is posted below and I need to use the cookiefile and cookiejar to maintain the php session to allow me to do what I need to do. But it seems like the same cookie is being reused by all users....

Does that make sense? Is there anything I can do to change this? Please advise....

Thanks so much!

 

Below is the code i use to both login and post the user update

 

function hitForm($postURL, $postFields, $referer="", $showerr = FALSE, $ispost = TRUE) {
        global $islocal, $path_escape;
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
      
        curl_setopt($ch, CURLOPT_URL, $postURL);
        if ($ispost)
            curl_setopt($ch, CURLOPT_POST, 1);
        else
            curl_setopt($ch, CURLOPT_HTTPGET, 1);
        curl_setopt($ch, CURLOPT_REFERER, $referer);
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3");
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
        $ret = curl_exec($ch);
        if ($error = curl_error($ch)) {
            if ($showerr)
                echo 'ERROR: ' . $error;
            return -1;
            exit;
        }
        $CU_header = curl_getinfo($ch);
        $CU_header["err"] = curl_errno($ch);
        $CU_header["errmsg"] = curl_error($ch);
        curl_close($ch);
      
        $returnout = $ret;
     
        //for debugging purposes for now we are logging all form posts
        SaveLog("hitform", "F[".$this->curruserid." - ".$this->currfunc." - ".date("d-m-y h:i:s")."]".$postFields);
        
        return $ret;
    }

[the182guy]

It does make sense, cURL is using the same cookie for all users. You'll need to create a seperate cookie for each user, one way would be to name the cookie with the users user ID in the filename like

 

cookie_[userID].txt

[gotts]

Thank you - if I do that then I will probably have to pre-create all those cookie files right? Or will they be created automatically?

 

is a better approach to actually provide a cookie name to use which also has a userid in it - will that work?

[the182guy]

Personally I would use something like this instead of cURL, but that would need modifying slightly I think. cURL needs a physical cookie file which is not really ideal. You'd be better of just storing the cookies as variables if possible - which it isn't with cURL.