session confusion!!!!

nirvaan

hi everyone,
i used session to store username when a user is logged in. my problem is say a user A logs in. it's username is stored in session. And again another user B logs in but user A is still logged in. now the problem arises that is the old session is replaced by new. and when i open the page for user A, the page for user B is displayed as the session is replaced. how can i overcome this problem...i hope i made myself clear. pls suggest. thank you in advance.

YAOMK

are you using cookies? hidden fields? or a query string to pass the session id? How are you testing? i.e. using the same browser?

NogDog

Are you testing by using different tabs in the same browser or something like that? If so, then when you log in a different user the session cookie will overwrite the cookie saved by the browser for the previous user. If you want to test multiple users from the same browser, then you may need to use two different browsers, e.g. IE7 for user A and Firefox for user B.

nirvaan

hi frens. thanx for ur interest. yes i m using same browser but different tabs. does this mean that i cannot use session for multiple users in same browser. if i can pls suggest me. thanks again.

NogDog

nirvaan wrote:
hi frens. thanx for ur interest. yes i m using same browser but different tabs. does this mean that i cannot use session for multiple users in same browser. if i can pls suggest me. thanks again.

That is correct: if the users are using the same browser on the same computer, then the session cookies will clash. You might be able to avoid this by including the user ID as part of the cookie name, but off the top of my head I am not sure how I would do that. It does sort of beg the question, though, as to why your application would need to support two different users from the same client?

nirvaan

hi nogdog, i had tried ur idea. i tried to use the userid as part of my session name but still i faced the problem of passing the userid to other pages. for this i again had to use session. so the problem still exits...i want to knw if there is some solution to this problem else that's ok.

YAOMK

you could always not relay on cookies to pass your session, you could pass it as part of the query string or using hidden fields and set a .htaccess to override the default behavior, but like Nog said, why would you need more than one user using the same browser? or is it just that you are running into this issue due to your testing in a single client?

nirvaan

that's ok...now i think of allowing only a single person to log in using a single browser. is there method to check if the session already exits. i mean if a user tries to log in n another user is already logged in(as in my above case)... the second user is not allowed to logged in.thank you.

YAOMK

that's ok...now i think of allowing only a single person to log in using a single browser. is there method to check if the session already exits. i mean if a user tries to log in n another user is already logged in(as in my above case)... the second user is not allowed to logged in.thank you.

You could handle this with proper authentication and added logic to check whether the user is already logged.

nirvaan

hi frens,
using form i post a username and store it to session. like $SESSION['username']=$_POST['un'],$username=$SESSION['username']. now when i go to another pages and come back to this page by link.$SESSION['username'] is null as nothing is posted from the form this time.hence $username is also null. but i want to set the username from the session. how can i do this. pls suggest. thank you...

YAOMK

There is no need to pass the userName around as much as you do.

this should be sufficient:

session_start();
$_SESSION['userName'] = $_POST['userName'];

note how there is an under score key in $_SESSION, it is important that you always validate user input.

Then on your other pages you would have to do:

session_start();
echo $_SESSION['userName']
//.....

benracer

also if you wanted to create an log off feature put this on the pages of the members area...

The link...

<a href="http://yourdomain.com/logout.php">Logout</a>

On a seperate page...

<? 
session_start();
unset($_SESSION['userName']);
header("location:http://yourdomain.com/main_login.php");
?>

nirvaan

thank you for ur suggestions....