Login routine issues

antoine

I currently have built an application. I have got a login routine (see bottom), which works as I am able to check whether someone is logged in using another routine (also bottom). My problem is that if I open a new browser window and login again, the session information for the first window, disappears. Any ideas specifically with this code, or a location you can point me to, where I can do this better. The example below is from the 'PHP and MYSQL' book.

Thank you for your help.

<?
############################################

Module : user_check_login.php

Who When What

#
############################################

 include("inc_get_params.inc");

 if ($username && $password)
 {
    $query = "SELECT *
	          FROM   app_accounts
			  WHERE  acnt_username=\"".strtoupper($username)."\" 
			  AND    acnt_password=\"".strtoupper($password)."\"
                              AND    app_id = ".$app_id;

	include("inc_run_query.inc");


	if ($num_results > 0)
	{ 
	    $row = mysql_fetch_array($result);
	    session_start();
	    $acnt_id= $row["acnt_id"];
                session_register("acnt_id");

                if ($URL <> "")
                {$location ="Location:".$URL;}
                else
                {$location="Location:user_account_menu.php?app_id=".$app_id;}

                header($location);

                exit;
	}
	else
	{
	   include("inc_stylesheet.inc");
	   ?>
	   <p class="user"> Your e-mail address or password is incorrect. press <b>'BACK'</b>
	                    on your browser and try to login again. <br>If you have subscribed with this
			    e-mail address, but not registered, then please select the register option 
			    on the login page and follow the instructions.</p>
	<?}

 }
 else
 {   
     include("inc_stylesheet.inc");
     ?>
	 <p class="user"> You have left either the e-mail address or the password blank. Press <b>'BACK'</b>
	                    on your browser and try to login again. <br>
			    If you have subscribed with this
			    e-mail address, but not registered, then please select the register option 
			    on the login page and follow the instructions.</p>
	<?

 }

<?
############################################

Module : inc_check_session_user_inc

Who When What

#
############################################

 session_start();

 if ((session_is_registered("acnt_id")) and (!empty($HTTP_SESSION_VARS["acnt_id"])))
 {
$acnt_id = $HTTP_SESSION_VARS["acnt_id"];

    #now check that this is the right session for this application user. 

    if (!empty($app_id))
    {
        $query = "SELECT app_id
                  FROM   app_accounts
                  WHERE  acnt_id = ".$acnt_id;

        include("inc_run_query.inc");

        $entitled = "N";

        for ($i=0;$i<$num_results;$i++)
        {

           $row = mysql_fetch_array($result);

           if ($row["app_id"] = $app_id)
           { $entitled = "Y"; }

        }

        if ($entitled == "N")
        {
           include("inc_show_login_msg.inc");
        }

    }

 }
 else
 {  
           include("inc_show_login_msg.inc");
 }

cwissy

if ((session_is_registered("acnt_id")) and (!empty($HTTP_SESSION_VARS["acnt_id"])))
{
$acnt_id = $HTTP_SESSION_VARS["acnt_id"];

maybe you should check to see if the 2 values are the same, if they are not then you have 2 seperate sessions running, if they are, then you are in the same session i.e.

if($acnt_id == $HTTP_SESSION_VARS["acnt_id"])
{
    // single session stuff
}else{
    // in a second session
}