Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

question about php login sessions across multiple browser instances.



3:06 pm on Jun 29, 2012 (gmt 0)

5+ Year Member

hi all,

I set up a basic php session login process for an online site i built based on what i learned from the php.net and other sources. It works in that after the user session variable $_SESSION['Login'] is created, the php login script checks to see if the session variable $_SESSION['Login'] is set any time the index page is reloaded.

However, i'd like to be able to login into a different user account from another instance of the same browser (firefox in this case) while leaving the login session in the previous browser instance alone. Unfortunately, my current basic php login script does not accommodate the capability from one workstation.

I need to be able to log into different accounts from multiple instances of the firefox browser from one workstation.

After reading about sessions on php.net, i'm no closer to figuring this out.

I'm hoping someone can point me in the right direction with respects to some information, documentation or tutorial on how this can be done.



4:05 pm on Jun 29, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

One way would be to create a different session key for each login. An example, you're currently just checking if it's set.

if ($_SESSION and isset($_SESSION['Login'])) {

Instead of just checking if it's set, you'd need to look for different keys.

$login_levels = array('member','manager','administrator');

$_SESSION['member'] = $userid;


$_SESSION['manager'] = $userid;


$_SESSION['administrator'] = $userid;

How you'd "limit" each logged in instance is another puzzle entirely. All three session values will be available to each instance in the same browser because they are tied to the same session ID by the same PHPSESSID cookie, how do you separate them?

The only method that comes to mind is to locate something actually in the page or links for each browsing instance that tracks this.

<input type="hidden" name="level_index" value="0"> <!-- 0 for member, 1 for manager, 2 for administrator -->


This would require more validation checks to avoid being hacked, for example, on every page view you'd have to check that the user has permissions for that "level."

Nothing else comes to mind at the moment (except using different browsers. :-) )


5:22 pm on Jun 29, 2012 (gmt 0)

5+ Year Member

While i haven't fully absorbed your response yet, the ability to log into different accounts using multiple browser instances from a single workstation would be used by a single person logging into say two or three different member accounts in order to view and access those member's data without having to log off one account and log into another through out the day. The idea is not to necessarily log into different user account levels such as manager or admin.

1. Does your concept of creating a different session key for each login make any difference in this case?

2. Am i correct in that it seems that what i'm asking for is not typical?


2:35 pm on Jun 30, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

OK then, instead of the different keys you'd store the user id or some other handle in the page. You'd probably have to create new keys though so they don't overwrite each other.

$_SESSION['Login'] = 123456; // first userid
$_SESSION['Login2'] = 123457; // second userid

<input type="hidden" name="this_user" value="123456">
<input type="hidden" name="this_user" value="123457">

Yeah it doesn't seem like I've seen this much.


9:43 pm on Jul 7, 2012 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

another instance of the same browser

The first fallacy is that the browser creates another instance, it doesn't. It's just one browser instance with multiple windows which is what makes what you want to do a real pain because it's the same cookie tracking the same session no matter how many windows you have open.

You would have to create a login key which would be unique per tab or window to do what you want. This key would have to be included on all links and forms on all pages displayed for that login. The odds of the browser getting it mixed up because of caching and other issues isn't trivial. To get down to implementation basics, we're talking about tracking an array of logins in a single session, not impossible but not clever IMO as it creates a big potential security risk.

It's just easier to use multiple browsers. Then it's no extra work as each browser has a completely unique login per browser.

Featured Threads

Hot Threads This Week

Hot Threads This Month