User sessions getting mixed up.

Hey Guys,

This is my first time posting here since I am a bit lost…

I am working with a development team on building a custom CMS for my business. I do have somewhat limited knowledge in the matter so bear with me. The website is and the idea was to have my customers log in and make orders, for me to assign the orders to people in my company and for them to send it to the client once it is done. But that is not important since everything inside of the system works dandy.

The issue is that if I have multiple users loged in at the same time, their sessions get mixed up. Here is the catch:

  1. This issue does NOT happen on the test server of the web developers, so I doubt it is the code.

  2. I have contacted my hosting provider and they have moved the system on a server with nginx set up, and they assured me it was set up properly since they have done it for other customers in the past.

But the issue persists. I have turned the google upside down, and it can be all sort of things. I am willing to provide any code or anything else you guys might ask. I do suspect it does save some sort of cache but I’m not sure how or why.

Let me know if you have any ideas. 

Hi @anondoc,

What exactly do you mean by “sessions get mixed up”? Can you clarify which behaviour of the site led you to believe that things got “mixed up”?

Hey Mark,

By mixed up I mean when two users log into it, and browse the system, their sessions get mixed up, they see what the other user sees, and viceversa. When they enter the settings for example, both of them, and click refresh a few times, their settings information gets switch up, one of them sees the name, password and everything else from the other one.

I have tested this on the same PC, 2 pcs on the same network, and even 2 pcs on different ISP in different towns, it happens still. 

But again, it does not happen on the test server, but only on the live server.

Please inform your users as soon as possible about this then, and try to suspend the service until the problem is fixed, since it’s a serious issue.

Since you are using a custom CMS that we don’t know about I think your best bet is to contact a professional to resolve the issue for you.

Hey Mark, yea I did suspend it, this just came out of development phase. The thing is that the web developers say the code is OK since it runs without the issue on their test server, and the host provider says the server is OK since it already runs similar things without an issue…

I have already bought another hosting provider to see if it gets resolved (they have 30 day money back)… So I will check if that fixes the issue.

What type of application is it? PHP, Python, Node, something else?

It is made in php, hosted on a linux server. 

It is extremely hard to pinpoint this, since the host and developer are playing ping pong on one another.

I am waiting for the new hosting to be set up so I can test it out there.

1 Like

That seems like a good thing to do. Post back here if you need more help!

Hey Mark, 

Just a quick update, it was the server settings… On the new server sessions are properly seperated… It seems that the guys did not know what they were doing. Too bad since the server was fast and reliable.

Thanks for the help!


Hey AnonDoc,

Have you resolved this issue ? or you mean that its automatically resolved in new server without making any changes right ?

Actually same issue we are facing atm so

Few point related to this issue:

  1. We are using Memecache to store session and PHP version is 5.3.3.

  2. Traffic on our site is very nominal (not exceeded more than few hundred requests per minute) and so we dont doubt session_id() gets duplicated.

  3. Our current cache control header “no-store, no-cache, must-revalidate, post-check=0, pre-check=0” is already informing client to not cache anything. So as per our understanding, it should not be anything related to cache.

  4. As per our debugging, we can see that, somehow session values of User-1 is getting overwritten by the data of User-2. So it looks that, User-2 never see any problem in his account, but User-1 is able to see the account of User-2. Also, we can see that User-2 is consistently active on the service.


  • Adrian
1 Like

I am having the same issue with an application that is critical for my company but the same issue of “User Sessions Getting Mixed Up”. Some users even end up being on admin panel on their first log in.  Can you tell me which server did you shift to, I mean is it your company’s owned server or a commercial host.  And if it is a commercial host what kind of plans are you on?  I will be truly grateful if I can resolve this issue for my company.


Iqbal Khan