[SOLVED] Session handling where multiple users log in

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Janco
Forum Commoner
Posts: 37
Joined: Fri Apr 25, 2008 2:51 am

[SOLVED] Session handling where multiple users log in

Post by Janco »

Hi there,

I have a web site that requires users to log in and then after the log in, depending in which table of a mysql users DB they will be directed to a relevant Main Page.

I use a piece of code that shows who is logged and if they form part of the CKS users it will add a href to the list which is only available to the CKS users and not the rest....it was to save some coding time:

Code: Select all

<td valign="top" align="center">
                        <?php echo "You are logged in as <b>". $_SESSION['logged_in'] ."</b>" ?></br>
                        </br>
                                <table id="nav" cellspacing="0" border="1" valign="top" width="100%">
                                        <tr id="nav"><td><a href="bwmain.php">Builders Warehouse</a></td></tr>
                                        <tr id="nav"><td><a href="wcmain.php">Builders W/Cape</a></td></tr>
                                        <tr id="nav"><td><a href="bxmain.php">Builders Express</a></td></tr>
                                                <?php
                                                $cks = $_SESSION['cks'];
                                                if ($cks !== 1) {} else {
                                                echo"<tr id=\"nav\"><td><a href=\"cksmain.php\">CKS Main Page</a></td></tr>"; }
                                                ?>
                                        <tr id="nav"><td><a href="main.php">HOME</a></td></tr>
                                        <tr id="nav"><td><a href="logout.php">LOG OUT</a></td></tr>
                                </table>
Each page has this piece of code on top to make sure that users have logged in before they view any page

<

Code: Select all

?php
session_start();
if ($_SESSION['basic_is_logged_in'] != true) {
header("location: index.php");
}
?>
This worked well if one user is logged in at a time but as soon as another user logs in the session is recreated and the session variables i.e. $_SESSION['logged_in'] is set to the new user logged in.

I've searched a couple of sites but they only explain how to do what I've done thus far but not what or how to make sure that a new session is created for every user that logs in eliminating the session of the user logged in first be overwritten by a session of a user that logs in after the first user.

How or what should I add to ensure that a separate session is created for every user. I have table in a DB that tracks user actions and is dependent on the $_SESSION['logged_in'] to populate the USer Name.

Thank you in advance
Last edited by Janco on Thu Jun 19, 2008 2:22 am, edited 1 time in total.
nowaydown1
Forum Contributor
Posts: 169
Joined: Sun Apr 27, 2008 1:22 am

Re: Session handling where multiple users log in

Post by nowaydown1 »

If your session data is being overwritten like that, then you probably have some issues with your session handling code. Are you using a disk based session handler or something else? When working with sessions, each user should get a unique session identifier. Are you calling session_id() anywhere? Is there any way you could post the code that handles populating those variables in the session that you're checking (I would assume your sign in process)?
Janco
Forum Commoner
Posts: 37
Joined: Fri Apr 25, 2008 2:51 am

Re: Session handling where multiple users log in

Post by Janco »

The code as requested from the login page:

Code: Select all

<?php
session_start();
 
if (isset($_POST['login']) && isset($_POST['password'])) {
$lname = $_POST['login'];
$lpass = $_POST['password'];
} else {
exit;}
?>
<?
mysql_connect("localhost","root","");
mysql_select_db("users");
 
 
$query1="select uname,passwd from cks_users where uname = '$lname' and passwd = '$lpass'";
$result1=mysql_query($query1) or die ("Could not log in because". mysql_error());
 
$query2="select uname,passwd from login where uname = '$lname' and passwd = '$lpass'";
$result2=mysql_query($query2) or die ("Could not log in because". mysql_error());
 
if (mysql_num_rows($result1) > 0) {
                $_SESSION['basic_is_logged_in'] = true;
                $_SESSION['logged_in'] = $lname;
                $_SESSION['cks'] = 1;
                mysql_query("update cks_users set last_login=SYSDATE() where uname='$lname'") or die (mysql_error());
                mysql_query("insert into user_audit(uname,user_action,date_time) values('$lname','LOGIN',SYSDATE())");
                header('Location: cksmain.php');
} elseif (mysql_num_rows($result2) > 0) {
                $_SESSION['basic_is_logged_in'] = true;
                $_SESSION['logged_in'] = $lname;
                mysql_query("update login set last_login=SYSDATE() where uname='$lname'") or die (mysql_error());
                mysql_query("insert into user_audit(uname,user_action,date_time) values('$lname','LOGIN',SYSDATE())");
                header('Location: terms.php');
        }
 else {
                echo "<center><h4><font color=\"red\">Incorrect Username or Password</font></h4></center>";
        }
 
?>
 
Hope it tells you anything
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Session handling where multiple users log in

Post by superdezign »

Are you logging in the multiple users from different browsers...? o_O
I can't see any other reason for a session to be overwritten unless they were still in the same session, considering your sessions are handled by PHP's default means.
Janco
Forum Commoner
Posts: 37
Joined: Fri Apr 25, 2008 2:51 am

Re: Session handling where multiple users log in

Post by Janco »

Are you logging in the multiple users from different browsers...? o_O
With the above, I assume you mean browsers on different PCs/Workstations?
If it is what you meant....yes they are accessing the page from different browsers.
I can't see any other reason for a session to be overwritten unless they were still in the same session
Correct me if I'm wrong but when the browser on pc1 connects to the PHP page a unique session is started for pc1 so that when pc2 connects another unique session is started for pc2 so at the end we have 2 different sessions. I can understand your statement if say user1 has logged in on pc1 and user2 logs in on the same pc using another tab in either Firefox or IE7 because essentially the session has been started by user1 and then, because the session still exists when user2 logs in, when user2 logs in the session is overwritten with the session details from user2.

The problem is that the users use their own workstations so the above should not happen and even though sessions are started, they are started from different workstations and each should have their own unique session which should be unset/deleted when they either log out or when the browser is closed.

I've played around with the session functions and somehow resolved the issue - but the original problem still remains a mystery but it working now.

Thank you for all the help - it's appreciated.
Post Reply