bowlesj wrote:
So what I do is if they are logged in I have all close out buttons for all pages in exactly the same top right area to encourage them to log out when they finally get back to the main control page which has the log out button .
Maybe your site is completely different from all other sites, but why are you encouraging them to log out? If anything you should be encouraging them to log
in.
bowlesj wrote:
If they log out it takes them to the home page and the home page removes the session file. This approach was mainly to reduce the number of session files kicking around since I didn't want them created unless a viewer of the home page decided to log in (save disk space and general unwanted clutter).
You're spending your time worrying about something that doesn't matter. Unless you specifically disabled it PHP installations will delete old session files automatically, and unless you're putting tons of information in the session each file will be very small, and on top of that disk space is cheap.
bowlesj wrote:
So here is why I got concerned with this approach. It is something that probably will never happen but it in theory could. If they happen to log in twice (enter the home page twice so they can get to the login page) it will kill their process file (tested and it definitely does). On thinking about this I think this is actually a good thing since if they try to log in twice from the same machine it creates a problem for processing (confused session file). So maybe in the end it is better to leave it the way I have it and that special error screen that is called will tell them that they must not enter the home page twice on the same machine because it creates unexpected results (extra debugging work for me which I don't want). This page does not send me an email error message (again less emails which is good).
It doesn't make sense for a user to deliberately do that so don't even allow it in the first place.
bowlesj wrote:
So far after thousands of runs through this approach it has not given me a problem and I guess maybe by explaining it hear I answered my own question. Specifically just modify the special error page that is produced so that if they try to log in via two home pages entries to tell them not to do that, why not to do that, and what to do if they happen to have done that. What I would do is tell them close out all pages and log off properly then log in again (opening only one home page this time).
They don't need to close all the pages or anything drastic like that. Just pick a tab/window, log out, and log in: whatever other pages they have open can stay open, but next time they try to go anywhere it will be as the new user. Worst case they don't log in again but it's not like that really matters.
You're way over-thinking this. Knowing what's going on with session files and stuff is good and all, and I wish the other 99% of PHP developers cared about knowing what goes on under the hood too, but it's getting the best of you. PHP, web servers, the internet, they're all made to work a certain way so don't fight against it.