Session is getting overwritten in php using same browser.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Sankalp_nyn
Forum Newbie
Posts: 1
Joined: Sun Jan 10, 2010 3:21 am

Session is getting overwritten in php using same browser.

Post by Sankalp_nyn »

In having a problem of session overwriting using one browser.

Using PHP:

After a successful login I register the user session as below:
$_SESSION['username'] =$username;

I call this session from other pages for users ($_SESSION['username']) to get relevant data for the user.

It works fine when accessed with one user logged in. The problem starts when second user logs in.. Now, when I refresh the page of first user, second user data appears.. as session $SESSION[username] is overwritten by second logged in user.


This happens only when using same browsers for the users, this problem does not occur if both logged in different browsers. (Eg: if users both using firefox having problem, if one uses firefox and other uses Opera the problem does not occur.

Please.. Please give me some advice on this...
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Session is getting overwritten in php using same browser.

Post by kaisellgren »

Are you saying that you are trying to log in with different accounts on your own?
vanguard
Forum Newbie
Posts: 13
Joined: Mon Jan 11, 2010 9:10 am

Re: Session is getting overwritten in php using same browser.

Post by vanguard »

Are you trying to log in with both accounts from the same computer? If so, this would be perfectly normal behaviour. If this isnt the problem, check to see where your sessions are being stored (session.save_path) and whether you are manually setting a session name with session_name. I wouldnt have thought these would be a problem, but theres no harm in checking.

- Alex
Last edited by vanguard on Mon Jan 11, 2010 4:51 pm, edited 1 time in total.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Session is getting overwritten in php using same browser.

Post by AbraCadaver »

AFAIK, you can't have two separate sessions at the same time using one browser. The browser stores a cookie with the session id and that single cookie would be used by all browser instances.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
vanguard
Forum Newbie
Posts: 13
Joined: Mon Jan 11, 2010 9:10 am

Re: Session is getting overwritten in php using same browser.

Post by vanguard »

However, it would be possible to emulate having multiple sessions if you design the site to do that, using arrays in the session. Its just not very useful.
Post Reply