Page 1 of 1

Multi-Session handling: multi user logins

Posted: Tue Jan 18, 2005 5:52 am
by labdev
Hi!

Got this problem:

I'm building an HelpDesk sys in PHP and one of the features i must implement is the ability to support "Multi Login", in the form of "Same user must be able to open and work at 2 diferent work-session" -- i.e., any user can open 2 or more browser pages and Login with the same/or different ID...

Until now, i have been using Session Vars (PHP or ASP), but cant figure out how i can do this, without hidden fields or url passsed vars...

When i use Session Vars, anytime that a user open "duplicates" the browser window and Logins, assume the previous session_id() and mix up everything...

can anyone help??
Thanxs!

Posted: Tue Jan 18, 2005 6:44 am
by Trenchant
When a user first logs in add their username and the current time to a database row. Then on every page in your helpdesk sys's header add a script that updates their specific database row.

So heres an example:

User logs in at:
(month)(day)(hour)(minute)(am=1,pm=2)
011806401
(since a session would expire in a givin time you dont have to include the year)

Then on every page in your help desk include a script that updates only their time. Included in the script also at the same time delete any rows that have a time older than like 20 minutes.

So then you have a way to accurately track your users. This still will not prevent multiple users from loggin onto the same account. Now just add a statement in your login form that checks if the username is in the database. If they are tell them that the account is currently in use or somethign along those lines.

This will also help you later on in your script for something like a "Who's Online?"

Posted: Tue Jan 18, 2005 8:58 am
by labdev
pheraphs i didnt explain well: it is suposed to work WITH multiple Logins in a way that the same user can login many times, by opening a new browser window, on the same machine!

------ example --------
SomeUserID = 1902;
AdminID = 9999;

i first Login with 1902; then i open another browser window and login with 9999; and then i open another one and login with 1902... an so on.
------ example --------

the application must be able to support this...
of course, for the aplication each user is "just another user", even if the Login ID is the same.

i think i can do this:
each time an user gets to Login page, i create a MD5( session_id() . time() ) and, provided that login is valid, get from the database all the vars i need for the work session, and INSERT into some "sessions" table that particular md5 ID string.
Then, when loading new pages, i must be able to re-write HTTP_VARS to include that ID, so i can (re)load from the database the vars i need for that user.

can i be done this way???
thanxs!

Posted: Tue Jan 18, 2005 9:02 am
by feyd
it can't be done with sessions on the browser side of things.. because the cookies are shared with all other browser windows.

This has to be done on the server.

Can I ask why they need to be able to have multiple login's from the same machine/browser? It would be a lot easier to do this if the machines were seperate, or they were different browsers (applications)

Posted: Tue Jan 18, 2005 9:20 am
by labdev
:)

yeh, i know :wink: but i have been asked to do it that way, so...
anyway, thanks for your time, dude :lol:

Posted: Tue Jan 18, 2005 9:33 am
by feyd
you could create a post-processor using output buffering and regular expressions that changes all links and things, like the trans_id feature does..

Posted: Tue Jan 18, 2005 10:16 am
by labdev
hey...

how can i REWRITE http key/value pairs?!?!??!
is there any function to achieve that?

only found so far HTTP_GET_VARS / HTTP_POST_VARS, both Read-Only... cant we rewrite http headers?

that way, i dont have to pass all vars by URL, like

Code: Select all

some.php?var1=xxx&var2=xpto...
thanxs!