homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

How to create unique session per logged in user

 2:56 pm on Apr 8, 2011 (gmt 0)

Hi all,

I have a script creating a session variable of type $_SESSION['user'] = $row['username'] where $row['username'] is the username of a user who logs successfully in the system.

However, if another user logs in the system successfully in a subsequent phase, $_SESSION['user'] takes a new value corresponding to the newly logged in user. This is causing me problems because i am inserting the username(which is unique in the user table) to identify which user is inserting data in comments table. Because my application is on a network and the session is managed on the server, a user can insert someone's else username when he is sending data in the comments table because $_SESSION['user'] always takes on the last value of a logged in user. Please, WHo can tell me what to do in order to assign a different session variable to every user? This would help me to identify which user inserted which comment.

Thank you in advance for your help



 3:01 pm on Apr 8, 2011 (gmt 0)

$_SESSION['user'] should not be taking the last value. Sessions are created and destroyed by the web browser on the server. As long as two different browsers on two separate computers log in to your service then the $_SESSION['user'] variable should hold their respective usernames.

Of course, this is all assuming that you are properly initializing the session variable to begin with. You have to make sure that
$row['username'] is the correct username you are authenticating.

 3:41 pm on Apr 8, 2011 (gmt 0)

If i get you well this is what you mean:
if user1 logs in on computer A with username "hello",
$_SESSION['user']=="hello" and in the database table username is going to be "hello"(assuming his username is being sent). If user2 on computer B logs in with username "world" $_SESSION['user'] == "world". So if user1 on computer A sends his data on the database he is sending "hello"(his personnal username) instead of "world"? Is this what you mean?

Thanks again.


 5:24 pm on Apr 12, 2011 (gmt 0)

The web server keeps track of which user is who with the sessions. Unless your website is specially a target of session hijacking attacks these session variables will be unique to each user that visits your website, assuming you are programming everything logically correct.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved