Page 1 of 1

[SOLVED] Session handling where multiple users log in

Posted: Wed Jun 04, 2008 5:28 am
by Janco
Hi there,

I have a web site that requires users to log in and then after the log in, depending in which table of a mysql users DB they will be directed to a relevant Main Page.

I use a piece of code that shows who is logged and if they form part of the CKS users it will add a href to the list which is only available to the CKS users and not the rest....it was to save some coding time:

Code: Select all

<td valign="top" align="center">
                        <?php echo "You are logged in as <b>". $_SESSION['logged_in'] ."</b>" ?></br>
                        </br>
                                <table id="nav" cellspacing="0" border="1" valign="top" width="100%">
                                        <tr id="nav"><td><a href="bwmain.php">Builders Warehouse</a></td></tr>
                                        <tr id="nav"><td><a href="wcmain.php">Builders W/Cape</a></td></tr>
                                        <tr id="nav"><td><a href="bxmain.php">Builders Express</a></td></tr>
                                                <?php
                                                $cks = $_SESSION['cks'];
                                                if ($cks !== 1) {} else {
                                                echo"<tr id=\"nav\"><td><a href=\"cksmain.php\">CKS Main Page</a></td></tr>"; }
                                                ?>
                                        <tr id="nav"><td><a href="main.php">HOME</a></td></tr>
                                        <tr id="nav"><td><a href="logout.php">LOG OUT</a></td></tr>
                                </table>
Each page has this piece of code on top to make sure that users have logged in before they view any page

<

Code: Select all

?php
session_start();
if ($_SESSION['basic_is_logged_in'] != true) {
header("location: index.php");
}
?>
This worked well if one user is logged in at a time but as soon as another user logs in the session is recreated and the session variables i.e. $_SESSION['logged_in'] is set to the new user logged in.

I've searched a couple of sites but they only explain how to do what I've done thus far but not what or how to make sure that a new session is created for every user that logs in eliminating the session of the user logged in first be overwritten by a session of a user that logs in after the first user.

How or what should I add to ensure that a separate session is created for every user. I have table in a DB that tracks user actions and is dependent on the $_SESSION['logged_in'] to populate the USer Name.

Thank you in advance

Re: Session handling where multiple users log in

Posted: Wed Jun 04, 2008 9:26 am
by nowaydown1
If your session data is being overwritten like that, then you probably have some issues with your session handling code. Are you using a disk based session handler or something else? When working with sessions, each user should get a unique session identifier. Are you calling session_id() anywhere? Is there any way you could post the code that handles populating those variables in the session that you're checking (I would assume your sign in process)?

Re: Session handling where multiple users log in

Posted: Tue Jun 10, 2008 8:43 am
by Janco
The code as requested from the login page:

Code: Select all

<?php
session_start();
 
if (isset($_POST['login']) && isset($_POST['password'])) {
$lname = $_POST['login'];
$lpass = $_POST['password'];
} else {
exit;}
?>
<?
mysql_connect("localhost","root","");
mysql_select_db("users");
 
 
$query1="select uname,passwd from cks_users where uname = '$lname' and passwd = '$lpass'";
$result1=mysql_query($query1) or die ("Could not log in because". mysql_error());
 
$query2="select uname,passwd from login where uname = '$lname' and passwd = '$lpass'";
$result2=mysql_query($query2) or die ("Could not log in because". mysql_error());
 
if (mysql_num_rows($result1) > 0) {
                $_SESSION['basic_is_logged_in'] = true;
                $_SESSION['logged_in'] = $lname;
                $_SESSION['cks'] = 1;
                mysql_query("update cks_users set last_login=SYSDATE() where uname='$lname'") or die (mysql_error());
                mysql_query("insert into user_audit(uname,user_action,date_time) values('$lname','LOGIN',SYSDATE())");
                header('Location: cksmain.php');
} elseif (mysql_num_rows($result2) > 0) {
                $_SESSION['basic_is_logged_in'] = true;
                $_SESSION['logged_in'] = $lname;
                mysql_query("update login set last_login=SYSDATE() where uname='$lname'") or die (mysql_error());
                mysql_query("insert into user_audit(uname,user_action,date_time) values('$lname','LOGIN',SYSDATE())");
                header('Location: terms.php');
        }
 else {
                echo "<center><h4><font color=\"red\">Incorrect Username or Password</font></h4></center>";
        }
 
?>
 
Hope it tells you anything

Re: Session handling where multiple users log in

Posted: Tue Jun 10, 2008 10:38 am
by superdezign
Are you logging in the multiple users from different browsers...? o_O
I can't see any other reason for a session to be overwritten unless they were still in the same session, considering your sessions are handled by PHP's default means.

Re: Session handling where multiple users log in

Posted: Thu Jun 19, 2008 2:22 am
by Janco
Are you logging in the multiple users from different browsers...? o_O
With the above, I assume you mean browsers on different PCs/Workstations?
If it is what you meant....yes they are accessing the page from different browsers.
I can't see any other reason for a session to be overwritten unless they were still in the same session
Correct me if I'm wrong but when the browser on pc1 connects to the PHP page a unique session is started for pc1 so that when pc2 connects another unique session is started for pc2 so at the end we have 2 different sessions. I can understand your statement if say user1 has logged in on pc1 and user2 logs in on the same pc using another tab in either Firefox or IE7 because essentially the session has been started by user1 and then, because the session still exists when user2 logs in, when user2 logs in the session is overwritten with the session details from user2.

The problem is that the users use their own workstations so the above should not happen and even though sessions are started, they are started from different workstations and each should have their own unique session which should be unset/deleted when they either log out or when the browser is closed.

I've played around with the session functions and somehow resolved the issue - but the original problem still remains a mystery but it working now.

Thank you for all the help - it's appreciated.