Okay I have a crisis here about PHP and sessions.
Posted: Sat Mar 06, 2010 4:15 am
Hi everyone, here is my problem. I inherited a huge PHP website from another person at a company. This website uses sessions. It also has user control. For instance, an Admin has all rights, a SuperUser has fewer rights, and a User has the least rights. My website uses frames.
With the advent of tabbed browsing here is what is happening. I will create a simple example to help explain my problem.
If an Admin user logs into the site he can see the navigation on the left side, and let's say there is an admins' pictures link, a superusers' pictures link, and a users' pictures link.
I want the Admin user to see everyone's pictures, the SuperUser can only see the superusers' pictures and users' pictures, and the User can only see the users' pictures. Also, just hiding the link is not sufficient. I need to prevent them from navigating to the page manually.
Here is what happens. If a User logs in on tab1 and leaves the tab open, then opens tab2 and an Admin logs in, now on tab1 the User is allowed access with the same rights as Admin.
What I would like to do is...
If a User logs in on tab1, and then an Admin opens another tab2 and logs in, I would like the User on tab1, as soon as he tries to navigate to another page or perform an action, to automatically be kicked out to the login page. Basically killing that window.
I need my website to allow multiple sessions, but not from the same browser on the same computer, so that one cannot hijack someone else's credentials and perform duties they are not supposed to do.
Does this make sense?
thanks
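One way to get the behaviour asked for above, as an added example that is not part of the original post or the site's own code: every page checks the role on the server, and every login issues a fresh token that each link and form carries, so a tab rendered under an earlier login no longer matches. The function names, the `lt` request parameter and `/login.php` are assumptions.

```php
<?php
// Added example with hypothetical names; include at the top of every page and frame.
declare(strict_types=1);
session_start();

const ROLE_RANK = ['User' => 1, 'SuperUser' => 2, 'Admin' => 3];

// Call once the password check has succeeded.
function start_login(string $username, string $role): void
{
    session_regenerate_id(true);   // new session id for every login
    $_SESSION = [
        'username'    => $username,
        'role'        => $role,
        'login_token' => bin2hex(random_bytes(16)), // changes on each login
    ];
}

// Append to every link and form the page emits, e.g. pictures.php?lt=<token>.
function tab_token(): string
{
    return $_SESSION['login_token'] ?? '';
}

// True only if the request carries the token of the current login.
function token_matches(array $session, string $presented): bool
{
    $current = $session['login_token'] ?? '';
    return $current !== '' && hash_equals($current, $presented);
}

// True if the session's role ranks at least as high as the required one.
function role_allows(array $session, string $required): bool
{
    return (ROLE_RANK[$session['role'] ?? ''] ?? 0) >= ROLE_RANK[$required];
}

// First call on every protected page, e.g. require_access('Admin');
function require_access(string $required): void
{
    $presented = $_REQUEST['lt'] ?? '';
    if (!is_string($presented) || !token_matches($_SESSION, $presented)) {
        header('Location: /login.php');   // tab belongs to an earlier login
        exit;
    }
    if (!role_allows($_SESSION, $required)) {
        http_response_code(403);          // logged in, but role is too low
        exit('Forbidden');
    }
}
```

Because the site uses frames, the login page should break out of the frameset (for example with `target="_top"` on the login form) so that the whole window, not one frame, returns to the login screen.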