
PHP Server Side Scripting Forum

    
question about php login sessions across multiple browser instances.
nelsonm




 
Msg#: 4470926 posted 3:06 pm on Jun 29, 2012 (gmt 0)

Hi all,

I set up a basic PHP session login process for an online site I built, based on what I learned from php.net and other sources. It works in that after the user session variable $_SESSION['Login'] is created, the PHP login script checks to see if the session variable $_SESSION['Login'] is set any time the index page is reloaded.

However, I'd like to be able to log in to a different user account from another instance of the same browser (Firefox in this case) while leaving the login session in the previous browser instance alone. Unfortunately, my current basic PHP login script does not accommodate the capability from one workstation.

I need to be able to log into different accounts from multiple instances of the Firefox browser from one workstation.

After reading about sessions on php.net, I'm no closer to figuring this out.

I'm hoping someone can point me in the right direction with respect to some information, documentation or tutorial on how this can be done.

Thanks.

 

rocknbil




 
Msg#: 4470926 posted 4:05 pm on Jun 29, 2012 (gmt 0)

One way would be to create a different session key for each login. For example, you're currently just checking if it's set.

if ($_SESSION and isset($_SESSION['Login'])) {
    // user is logged in
}

Instead of just checking if it's set, you'd need to look for different keys.

$login_levels = array('member','manager','administrator');

$_SESSION['member'] = $userid;

or

$_SESSION['manager'] = $userid;

or

$_SESSION['administrator'] = $userid;

How you'd "limit" each logged-in instance is another puzzle entirely. All three session values will be available to each instance in the same browser because they are tied to the same session ID by the same PHPSESSID cookie. How do you separate them?

The only method that comes to mind is to locate something actually in the page or links for each browsing instance that tracks this.

<input type="hidden" name="level_index" value="0"> <!-- 0 for member, 1 for manager, 2 for administrator -->

view-members.php?level_index=0

This would require more validation checks to avoid being hacked, for example, on every page view you'd have to check that the user has permissions for that "level."

Nothing else comes to mind at the moment (except using different browsers. :-) )

nelsonm




 
Msg#: 4470926 posted 5:22 pm on Jun 29, 2012 (gmt 0)

While I haven't fully absorbed your response yet, the ability to log into different accounts using multiple browser instances from a single workstation would be used by a single person logging into, say, two or three different member accounts in order to view and access those members' data without having to log off one account and log into another throughout the day. The idea is not necessarily to log into different user account levels such as manager or admin.

1. Does your concept of creating a different session key for each login make any difference in this case?

2. Am I correct in that it seems that what I'm asking for is not typical?

rocknbil




 
Msg#: 4470926 posted 2:35 pm on Jun 30, 2012 (gmt 0)

OK then, instead of the different keys you'd store the user id or some other handle in the page. You'd probably have to create new keys though so they don't overwrite each other.

$_SESSION['Login'] = 123456; // first userid
$_SESSION['Login2'] = 123457; // second userid


<input type="hidden" name="this_user" value="123456">
or
<input type="hidden" name="this_user" value="123457">

Yeah it doesn't seem like I've seen this much.

incrediBILL




 
Msg#: 4470926 posted 9:43 pm on Jul 7, 2012 (gmt 0)

"another instance of the same browser"

The first fallacy is that the browser creates another instance; it doesn't. It's just one browser instance with multiple windows, which is what makes what you want to do a real pain, because it's the same cookie tracking the same session no matter how many windows you have open.

You would have to create a login key which would be unique per tab or window to do what you want. This key would have to be included on all links and forms on all pages displayed for that login. The odds of the browser getting it mixed up because of caching and other issues aren't trivial. To get down to implementation basics, we're talking about tracking an array of logins in a single session, not impossible but not clever IMO as it creates a big potential security risk.


It's just easier to use multiple browsers. Then it's no extra work as each browser has a completely unique login per browser.
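
Added example, not code from any poster in this thread: a sketch of the "array of logins in a single session" idea discussed above, where each tab carries a random key and the server resolves that key to a user id instead of trusting an id sent by the page. The function names, the 'logins' session key and the 'tab' parameter are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example: several logins kept in ONE PHP session, one per tab.
// add_login(), current_user(), remove_login(), the 'logins' session key
// and the 'tab' request parameter are illustrative names (assumptions).

// Store a login and return the opaque key this tab must send back
// on every link and form. The key is random, never the user id.
function add_login(array &$session, int $userId): string
{
    $tabKey = bin2hex(random_bytes(16));
    $session['logins'][$tabKey] = $userId;
    return $tabKey;
}

// Map the key supplied by the page to a user id. Anything that was not
// issued to this session (tampered, stale, logged out) yields null.
function current_user(array $session, $tabKey): ?int
{
    if (!is_string($tabKey) || !preg_match('/\A[0-9a-f]{32}\z/', $tabKey)) {
        return null;
    }
    return $session['logins'][$tabKey] ?? null;
}

// Log out a single tab; the other logins in the session are untouched.
function remove_login(array &$session, string $tabKey): void
{
    unset($session['logins'][$tabKey]);
}

// Constructed demo: a plain array stands in for $_SESSION so the script
// runs from the command line without cookies or session_start().
$session = [];
$tabA = add_login($session, 123456);
$tabB = add_login($session, 123457);

$request = ['tab' => $tabB];                 // what tab B's link would send
var_dump(current_user($session, $request['tab']));

var_dump(current_user($session, '123456'));  // a raw user id instead of a key
var_dump(current_user($session, ['x']));     // array input, as from ?tab[]=x

remove_login($session, $tabA);               // tab A logs out
var_dump(current_user($session, $tabA));     // tab A's old key
var_dump(current_user($session, $tabB));     // tab B's key after A logged out
```

In a real page these functions would be called with $_SESSION after session_start(), with the key read from $_GET['tab'] or $_POST['tab']. Because the lookup happens inside the session, a key on its own resolves to nothing without the matching PHPSESSID cookie.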
