gotts Posted December 28, 2010 Share Posted December 28, 2010 Here is my dilemma... I basically have a script which by means of CURL posts to a 3rd party website to perform a login and then makes another post to update a users details based on that login session. Now as my site is getting busy I have multiple users doing the same thing and it seems that on occasion curl is getting confused and updating one users details with a different users information. This is causing real problems. It seems to be that the cookie which is being used by a user after one login is being shared by other users and they end up logging in with the same cookie - confusing the 3rd party system. My code is posted below and I need to use the cookiefile and cookiejar to maintain the php session to allow me to do what I need to do. But it seems like the same cookie is being reused by all users.... Does that make sense? Is there anything I can do to change this? Please advise.... Thanks so much! Below is the code i use to both login and post the user update function hitForm($postURL, $postFields, $referer="", $showerr = FALSE, $ispost = TRUE) { global $islocal, $path_escape; $ch = curl_init(); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt"); curl_setopt($ch, CURLOPT_URL, $postURL); if ($ispost) curl_setopt($ch, CURLOPT_POST, 1); else curl_setopt($ch, CURLOPT_HTTPGET, 1); curl_setopt($ch, CURLOPT_REFERER, $referer); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); $ret = curl_exec($ch); if ($error = curl_error($ch)) { if ($showerr) echo 'ERROR: ' . $error; return -1; exit; } $CU_header = curl_getinfo($ch); $CU_header["err"] = curl_errno($ch); $CU_header["errmsg"] = curl_error($ch); curl_close($ch); $returnout = $ret; //for debugging purposes for now we are logging all form posts SaveLog("hitform", "F[".$this->curruserid." - ".$this->currfunc." - ".date("d-m-y h:i:s")."]".$postFields); return $ret; } Quote Link to comment Share on other sites More sharing options...
the182guy Posted December 28, 2010 Share Posted December 28, 2010 It does make sense, cURL is using the same cookie for all users. You'll need to create a seperate cookie for each user, one way would be to name the cookie with the users user ID in the filename like cookie_[userID].txt Quote Link to comment Share on other sites More sharing options...
gotts Posted December 28, 2010 Author Share Posted December 28, 2010 Thank you - if I do that then I will probably have to pre-create all those cookie files right? Or will they be created automatically? is a better approach to actually provide a cookie name to use which also has a userid in it - will that work? Quote Link to comment Share on other sites More sharing options...
the182guy Posted December 28, 2010 Share Posted December 28, 2010 Personally I would use something like this instead of cURL, but that would need modifying slightly I think. cURL needs a physical cookie file which is not really ideal. You'd be better of just storing the cookies as variables if possible - which it isn't with cURL. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.