|logging into two site accounts from one pc and two browser instances? |
If this is the wrong place to ask this question, let me know.
I set up a basic site login process for an online site i built based on what i learned from the php.net. I can log into the site from the first instance of the firefox browser, but when i start up another instance of the firefox browser and access the same site, it tells me that I'm already logged in. If i log off from one browser instance, it also logs me off of the other browser instance.
I need to be able to log into and off of different accounts from multiple instances of the firefox browser from one workstation.
I know that i most likely need to pass some sort of different session ID between the server and each site client. From what i've been reading, i think this should be able to be handled by setting or creating a different session cookie for each client browser instance on the server side. Session management between browser instances would then be handled behind the scenes. Is this correct, or would i have to pass a unique session ID between server and each client via client ajax calls to insure that the correct data is being sent the requesting client.
I'm hoping someone can point me in the right direction with respects to some documentation or tutorial on the subject.
can't firefox natively or with an add on have tabs that are 'private' just like chrome, if so i should think you could do this by using this.
Are you saying that chrome can (with an add on) or does (natively) have tabs that are private?
Cause, with my basic php login script that just checks to see if $session['login'] is set, i logged into my site in one chrome tab then accessed the site in another tab and i was still logged in.
Are you referring to Incognito mode (browse in private)?
incognito mode i meant
i haven't tried it, but surely it can't be incognito if it shares cookies/sessions with another tab
Chrome does seem to share the cookie with other incognito tabs (log into a site on one, and you are logged in on another one also), but not with the browser window that is not incognito. So you could have two Chrome instances running, one incognito and one not and log in with the different sets of credentials.
Firefox actually closes down and saves the tabs of the non-private session and won't open up a non-private one until you shut the private one, again any of the private sessions look like they can access the cookie (logging in with one tab means you are logged in on the other ones, even in a new window).
Would portable versions of the browsers ( eg firefox and say another like opera ) aid in anyway ?
So to answer the Original question. Yes to have two browsers be treated as two different sessions you would need to have each browser instance/tab keep a session key (that isn't stored in a cookie) that you pass back to the server with each request and persisted across different requests.
You can't store this session ID in the cookie as then it would be shared between the instances and you can only have one session logged in. If you tried to storing multiple cookies (one for each session) or multiple session keys in the cookie, you would run into the issue that the browser then would not know which cookie or session key belongs to it, unless you are storing the pointer to this key in another manner in each browser instance anyway (so it's easier just to keep the Session key in the first place).
A thread over here sums it up [velocityreviews.com...]
You have three ways:
1. Store session ID in cookie file
2. Store Session ID in the URL (for example,
3. Store Session ID in QueryString (for example,
I would add a fourth option which would be a (hidden) form element containing the session key, but you can only use that if you are using POST's of the page to navigate to the next one.
Dijkgraaf and others,
thank for the info and pointer to the other doc. I will review and get back to you with a final solution.
BTW... I noticed that my credit union's web site, msufcu.org, is able to allow separate login's from multiple instances of the same browser. In viewing the site source, it appears that they are passing a session id back and forth.
Can anyone verify this?