Msg#: 4470926 posted 3:06 pm on Jun 29, 2012 (gmt 0)
I set up a basic PHP session login process for an online site I built based on what I learned from php.net and other sources. It works in that after the user session variable $_SESSION['Login'] is created, the PHP login script checks to see if the session variable $_SESSION['Login'] is set any time the index page is reloaded.
However, I'd like to be able to log in to a different user account from another instance of the same browser (Firefox in this case) while leaving the login session in the previous browser instance alone. Unfortunately, my current basic PHP login script does not accommodate the capability from one workstation.
I need to be able to log into different accounts from multiple instances of the Firefox browser from one workstation.
After reading about sessions on php.net, I'm no closer to figuring this out.
I'm hoping someone can point me in the right direction with respect to some information, documentation or tutorial on how this can be done.
How you'd "limit" each logged in instance is another puzzle entirely. All three session values will be available to each instance in the same browser because they are tied to the same session ID by the same PHPSESSID cookie. How do you separate them?
The only method that comes to mind is to locate something actually in the page or links for each browsing instance that tracks this.
<input type="hidden" name="level_index" value="0"> <!-- 0 for member, 1 for manager, 2 for administrator -->
This would require more validation checks to avoid being hacked, for example, on every page view you'd have to check that the user has permissions for that "level."
Nothing else comes to mind at the moment (except using different browsers. :-) )
Msg#: 4470926 posted 5:22 pm on Jun 29, 2012 (gmt 0)
While I haven't fully absorbed your response yet, the ability to log into different accounts using multiple browser instances from a single workstation would be used by a single person logging into say two or three different member accounts in order to view and access those members' data without having to log off one account and log into another throughout the day. The idea is not to necessarily log into different user account levels such as manager or admin.
1. Does your concept of creating a different session key for each login make any difference in this case?
2. Am I correct in that it seems that what I'm asking for is not typical?
The first fallacy is that the browser creates another instance; it doesn't. It's just one browser instance with multiple windows which is what makes what you want to do a real pain because it's the same cookie tracking the same session no matter how many windows you have open.
You would have to create a login key which would be unique per tab or window to do what you want. This key would have to be included on all links and forms on all pages displayed for that login. The odds of the browser getting it mixed up because of caching and other issues aren't trivial. To get down to implementation basics, we're talking about tracking an array of logins in a single session, not impossible but not clever IMO as it creates a big potential security risk.
It's just easier to use multiple browsers. Then it's no extra work as each browser has a completely unique login per browser.
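The "array of logins in a single session" with a per-window login key described in the replies above, as an added example that is not part of the original thread: the key only selects among logins already stored server-side in that session and is checked on every request. The function names, the `logins` array layout and the user ids are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): several logins kept in one PHP session,
// each selected by a per-window key carried on every link and form.
declare(strict_types=1);

// Call only after the password check has succeeded elsewhere.
// Returns the key that this window's links and forms must include.
function add_login(array &$session, int $userId): string
{
    $key = bin2hex(random_bytes(16));   // 128-bit unguessable key, hex encoded
    $session['logins'][$key] = ['user_id' => $userId, 'created' => time()];
    return $key;
}

// Map the key sent with a request to a user id, or null when the key is
// malformed or is not one of the logins stored in THIS session. The key never
// authenticates by itself; the session cookie still has to match.
function resolve_login(array $session, $key): ?int
{
    if (!is_string($key) || !preg_match('/\A[0-9a-f]{32}\z/', $key)) {
        return null;
    }
    return $session['logins'][$key]['user_id'] ?? null;
}

// Log one window out without touching the other logins.
function remove_login(array &$session, string $key): void
{
    unset($session['logins'][$key]);
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [];
$windowA = add_login($session, 101);    // constructed user ids
$windowB = add_login($session, 202);

var_dump(resolve_login($session, $windowA));            // first window's account
var_dump(resolve_login($session, $windowB));            // second window's account
var_dump(resolve_login($session, str_repeat('0', 32))); // well-formed but unknown key
var_dump(resolve_login($session, ['x']));               // wrong type, e.g. lk[]=x
remove_login($session, $windowA);
var_dump(resolve_login($session, $windowA));            // key no longer valid
```

In a real page the first argument would be `$_SESSION` after `session_start()`, and any request whose key resolves to null should be treated as not logged in rather than falling back to another stored login.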