A question about login using session variables.


nelsonm

4:34 pm on May 3, 2012 (gmt 0)

10+ Year Member



Hi all,

I'm developing a web based customer scheduling and workorder tracking site.

I have been studying the php manual and searching the internet to learn enough about php sessions to use them in the login process.

While I went ahead and added session capability to my login script, the concept of managing multiple sessions is still somewhat foggy to me and I don't know how to implement certain capabilities such as:

1. How to keep the user logged in when the page is refreshed.
2. How to implement multiple login sessions on the same pc from either different browser tabs or browser windows.
3. How do I keep each login's session data separate so the multiple site instances don't step on each other.

The client has three monitors attached to one pc and wants to be able to log into the site under different user names to view and manage different aspects of the site from each monitor at the same time.

I'm not looking for code... I'm just hoping someone can help me understand what I need to do to accomplish the above three points.


I currently have the following session code segments in my php login script but it's only capable of handling one login session...
(sorry, I don't know how to keep the code's indentation in this post)

// allow sessions to be passed so we can see if the user is logged in.
session_start();

if($_SERVER['REQUEST_METHOD'] == 'POST'){
    // process login or logout request.

    switch (CheckField($_POST['Submit'])) {
        case 'login':
            // check form fields to prevent sql database injection attack.
            $username = CheckField($_POST['username']);
            $password = CheckField($_POST['password']);

            // did user fill the username and password fields?
            if($username && $password){
                //query the database
                $sql = 'SELECT ur.URID, ur.UserName, ur.UTID, ut.UserType, ur.MEID, me.FirstName, me.LastName, ur.FRID, fr.FranchiseAbbrev, fr.FranchiseName';
                $sql .= ' FROM '.$crudTable['user-ur'].' AS ur';
                $sql .= ' LEFT JOIN '.$crudTable['franchise-fr'].' AS fr ON ur.FRID = fr.FRID';
                $sql .= ' LEFT JOIN '.$crudTable['member-me'].' AS me ON ur.MEID = me.MEID';
                $sql .= ' LEFT JOIN '.$crudTable['ur-type-ut'].' AS ut ON ur.UTID = ut.UTID';
                $sql .= ' WHERE ur.UserName = "'.$username.'" AND ur.PassWord = "'.$password.'"';

                $result = mysql_query($sql);

                // did query succeed?
                if($result){
                    // was the username and password found?
                    if(mysql_num_rows($result) == 1){
                        // put all fields of the record into an associative array.
                        $row = mysql_fetch_assoc($result);

                        // set the login session by storing the user's user id and login datetime in the session table. we use this to see if they are logged in or not.
                        if(!isset($_SESSION['Login'])){
                            $_SESSION['Login'] = true;
                            $_SESSION['URID'] = $row['URID'];// user id
                            $_SESSION['UserName'] = $row['UserName'];// user's login name
                            $_SESSION['UTID'] = $row['UTID'];// user's type id
                            $_SESSION['UserType'] = $row['UserType'];// user type
                            $_SESSION['MEID'] = $row['MEID'];// user's member id
                            $_SESSION['FirstName'] = $row['FirstName'];// user's member first name
                            $_SESSION['LastName'] = $row['LastName'];// user's member last name
                            $_SESSION['FRID'] = $row['FRID'];// user's franchise id
                            $_SESSION['FranchiseAbbrev'] = $row['FranchiseAbbrev'];// user's franchise code
                            $_SESSION['FranchiseName'] = $row['FranchiseName'];// user's franchise name
                            $_SESSION['LoginDate'] = date('M dS, Y h:ia');// user's login date & time


                            // construct login status message.
                            $response = status('You have successfully logged in! ','','Login Status: '.$_SESSION,true);
                            logMsg(__LINE__,'I',$response['message']);

                        }else{
                            // construct login status message.
                            $response = status('You are already logged in! ','','Login Status: '.$_SESSION,false);
                            logMsg(__LINE__,'I',$response['message']);
                        }
                    }else{
                        // construct user status message.
                        $response = status('Invalid Username and/or Password. ','','',false);
                        logMsg(__LINE__,'I',$response['message']);

                    }
                    .
                    .
                    .
            break;
            .
            .
            .
        case 'logout':
            $_SESSION['LogoutDate'] = date('M dS, Y h:ia');// user's logout date & time

            // If it's desired to kill the session, also delete the session cookie.
            // Note: This will destroy the session, and not just the session data!
            if (ini_get("session.use_cookies")) {
                $params = session_get_cookie_params();
                setcookie(session_name(), '', time() - 42000,$params["path"], $params["domain"], $params["secure"], $params["httponly"]);
            }


            // Finally, destroy the session.
            session_destroy();

            // construct user status message.
            $response = status('You have successfully logged out! ','',$_SESSION['LogoutDate'],true);
            logMsg(__LINE__,'I',$response['message']);

            // Unset all of the session variables.
            $_SESSION = array();

            break;
            .
            .
            .

}else{
    // construct user status message.
    $response = status('Invalid request method ',$_SERVER["REQUEST_METHOD"],'Login not processed.'.mysql_error(),false);
    logMsg(__LINE__,'I',$response['message']);
}

// encode to json format and send output back to client side.
echo json_encode($response);
logMsg(__LINE__,'I','Send output back to client login javascript');

// close the connection to the MySQL server.
mysql_close($open);

// Flush (send) the output buffer and turn off output buffering.
ob_end_flush();
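
A hardened take on the login branch above, as an added example that is not part of the original post: it replaces the string-built query with a bound parameter, checks the password against a stored hash, and issues a new session ID at login. The PDO handle, the `users` table name, the `PassHash` column and `attempt_login()` are assumptions made for illustration, and in-memory SQLite stands in for MySQL.

```php
<?php
// Added example, not the original poster's code. Assumptions: a PDO handle,
// a table named `users`, and a hypothetical `PassHash` column that stores
// password_hash() output in place of the plain-text PassWord column.

function attempt_login(PDO $db, string $username, string $password): bool
{
    // Bound parameters keep user input out of the SQL text, so the query
    // cannot be rewritten by a crafted username.
    $stmt = $db->prepare(
        'SELECT URID, UserName, UTID, PassHash FROM users WHERE UserName = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user or wrong password: same generic failure for both.
    if (!$row || !password_verify($password, $row['PassHash'])) {
        return false;
    }

    // Issue a fresh session ID at login so an ID set before authentication
    // cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['Login']     = true;
    $_SESSION['URID']      = (int) $row['URID'];
    $_SESSION['UserName']  = $row['UserName'];
    $_SESSION['UTID']      = (int) $row['UTID'];
    $_SESSION['LoginDate'] = date('M dS, Y h:ia');
    return true;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (URID INTEGER PRIMARY KEY, UserName TEXT UNIQUE,
           UTID INTEGER, PassHash TEXT)');
$ins = $db->prepare('INSERT INTO users (UserName, UTID, PassHash) VALUES (?, ?, ?)');
$ins->execute(['demo', 1, password_hash('correct horse', PASSWORD_DEFAULT)]);

$bad  = attempt_login($db, 'demo" OR "1"="1', 'x'); // treated as a literal name
$good = attempt_login($db, 'demo', 'correct horse');
var_dump($bad, $good, $_SESSION['UserName'] ?? null);
```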

incrediBILL

5:50 pm on May 3, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The client has three monitors attached to one pc and wants to be able to log into the site under different user names to view and manage different aspects of the site from each monitor at the same time.



Simple answer: 3 different browsers, one on each monitor, done.

Sessions are just data bound to a page via a tracking cookie and you can only track one session per browser, not per tab or window. To do multiple logins in a single browser would require putting the login ID or session ID on all the URLs which is ugly. Each GET and POST would have to identify which login ID the page is referencing.

If this is for a single client that insists on a single browser, one possible simple approach might be subdomains such as "screen1.example.com, screen2.example.com, screen3.example.com" which could redirect content through example.com per login per subdomain. Technically since each subdomain is a different domain, each one could easily have a unique session, so opening one per tab or window isn't the same type of problem that having them all login via the root domain example.com becomes. No login IDs per URL, none of that nonsense, all cleanly tracked per session cookie per subdomain.
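
The subdomain approach depends on how the session cookie is scoped, shown here as an added example that is not part of the original reply. `SCREEN_HOSTS`, `session_cookie_options()` and `start_screen_session()` are hypothetical names, and the host list is the one suggested above.

```php
<?php
// Added example, not from the thread. Requires PHP 7.3+ for the array form
// of session_set_cookie_params(). All names below are made up for the demo.

const SCREEN_HOSTS = [
    'screen1.example.com',
    'screen2.example.com',
    'screen3.example.com',
];

function session_cookie_options(string $host): array
{
    // The Host header is client-controlled, so only accept expected names.
    $host = strtolower(preg_replace('/:\d+$/', '', $host));
    if (!in_array($host, SCREEN_HOSTS, true)) {
        throw new InvalidArgumentException('unexpected host');
    }
    return [
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        // Empty domain = host-only cookie: the browser sends it back to this
        // subdomain only, so each screen keeps its own PHPSESSID.
        // Weak setting for this design: 'domain' => '.example.com' would
        // share one cookie across all three hosts and the logins would collide.
        'domain'   => '',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from page JavaScript
        'samesite' => 'Lax',
    ];
}

function start_screen_session(string $host): void
{
    session_set_cookie_params(session_cookie_options($host));
    session_start();
}

// Constructed demo: under the CLI there is no Host header, so fall back to one.
start_screen_session($_SERVER['HTTP_HOST'] ?? 'screen1.example.com');
var_dump(session_get_cookie_params()['domain'] === '', session_id() !== '');
```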

nelsonm

6:56 pm on May 3, 2012 (gmt 0)

10+ Year Member



Thanks for responding so quickly and clearing the session issue up for me.

With respect to the user trying to access and log into the site through multiple tabs in the same browser, I'll just have to modify the login javascript/phpscript to notify the user that he/she is already logged in.

Q1. With regard to the first question: "How to keep the user logged in when the page is refreshed (reloaded)", is this a session issue or a login javascript/phpscript issue?

Q2. As a point of interest, when I log into my newegg.com user account in one tab, it shows my name and a logout button in a box in the upper right hand corner of the page. If I enter the same url in another tab of the same browser, the second tab instance of newegg.com displays the same login box indicating that I'm logged in. Is newegg.com checking its browser cookie to see if I'm currently logged in and if so, sends me back a page with the same logged in box in the upper right hand corner?

cffrost2

2:30 am on May 4, 2012 (gmt 0)

10+ Year Member



Q1. With regard to the first question: "How to keep the user logged in when the page is refreshed (reloaded)", is this a session issue or a login javascript/phpscript issue?

This is a session "issue". The sessions hold the "logged in" status.

Q2. As a point of interest, when I log into my newegg.com user account in one tab, it shows my name and a logout button in a box in the upper right hand corner of the page. If I enter the same url in another tab of the same browser, the second tab instance of newegg.com displays the same login box indicating that I'm logged in. Is newegg.com checking its browser cookie to see if I'm currently logged in and if so, sends me back a page with the same logged in box in the upper right hand corner?

thatsite.com is using a session that is set to know you are logged in. Sessions are valid across each tab in a single browser window. If you log in on one tab, then open a new tab and visit the same site, the logged in session var holds true in that tab also.

nelsonm

3:40 am on May 4, 2012 (gmt 0)

10+ Year Member



Thanks for the help!

I don't mean to sound stupid, but when you say 'The sessions hold the "logged in" status.', do you mean there are global "logged in" status session variables I can access or do you mean manually assigning session variables myself?

cffrost2

3:49 am on May 4, 2012 (gmt 0)

10+ Year Member



I mean after you run your log in script, upon success, you manually set a session variable such as $_SESSION['loggedin'] = true;
Then, for each page or in some beginning page include, you look for that session to allow access or redirect them (a common way of handling things):

session_start(); // needed on every page before $_SESSION is read
if(!empty($_SESSION['loggedin']))
{
    //show anything you want involved with being logged in
}
else
{
    //show an error or redirect (one or the other: header() fails after output)
    //echo 'You must be logged in to view this page';
    //or redirect
    header('Location: http://www.example.com/login.php');
    exit; // stop so the rest of the protected page is not sent
}

nelsonm

4:15 am on May 4, 2012 (gmt 0)

10+ Year Member



Which I'm already doing in my code segment above. So the issue I'm having during refresh is due to how I open the login dialog. I need to pass the logged in session variable value from php to the jquery login dialog and test if I'm already logged in.

rocknbil

4:11 pm on May 4, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Is newegg.com checking its browser cookie to see if I'm currently logged in and if so, sends me back a page with the same logged in box in the upper right hand corner?


YES.

Sessions are inherently cookie-based*, that is, when a session is set the PHPSESSID for that domain is set in your browser. The difference between PHP and other languages is that it "automatically" checks for and validates that cookie and uses it to interact with $_SESSION variables, and in other languages we have to do that manually (e.g., create our own session IDs and save them somewhere, check for the cookie, read its value, associate the cookie with the session data, associate that data with something specific to this user.)