PHP Developers Network
http://forums.devnetwork.net/

User conflict...
http://forums.devnetwork.net/viewtopic.php?f=34&t=134953
Page 1 of 1

Author:  orbdrums [ Wed Mar 21, 2012 1:54 pm ]
Post subject:  User conflict...

I have a site that allows members to log in. If a member is logged in and another browser session is started with another member logging in, the second member becomes the active member on the first browser session effectively hijacking the first members account. I'm not sure which code is allowing this to happen. Does anyone have a suggestion?
Thanks.

Author:  social_experiment [ Wed Mar 21, 2012 5:13 pm ]
Post subject:  Re: User conflict...


Author:  califdon [ Wed Mar 21, 2012 5:51 pm ]
Post subject:  Re: User conflict...


Author:  orbdrums [ Wed Mar 21, 2012 9:54 pm ]
Post subject:  Re: User conflict...

Thanks for the replies and here is more info. I am using Safari and it is the same browser session in a different tab on the same computer. What I'm trying to avoid is a member logging in on one tab and another member logging in another tab on the same computer which causes the conflict. Is there a way to make a user log off before another user logs in on the same computer? That would take care of the issue.

Author:  social_experiment [ Thu Mar 22, 2012 2:31 am ]
Post subject:  Re: User conflict...


Author:  califdon [ Thu Mar 22, 2012 12:14 pm ]
Post subject:  Re: User conflict...

I think you have a fundamental question to ask yourself: how can you possibly know whether it is the same or a different person who is using the same computer and the same browser, merely opening a new tab? That's exactly the same as the same person just deciding to sign on as a different user.

What you could do, I suppose, is (as part of your login page) check to see if a user is already logged on in the current session, and not allow another login until the currently logged-in user has logged out.

Author:  orbdrums [ Thu Mar 22, 2012 10:26 pm ]
Post subject:  Re: User conflict...

Here is the auth.php file. I'm not real sure what code (or even the logic) to add to this file.

Syntax: [ Download ] [ Hide ]
<?php
        session_start();
       
        if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == ''))
        {
                header("location: access-denied.php");
                exit();
        }
?>

Author:  social_experiment [ Fri Mar 23, 2012 2:28 am ]
Post subject:  Re: User conflict...

If you were to follow my advice you would place the code on your login page;
Syntax: [ Download ] [ Hide ]
<?php
 $_SESSION = array();
 // or
 unset($_SESSION);
?>

This unsets (removes) any session variables that exists: this would then log out any person logged in on the same browser.

I don't understand the necessity for this sort of measure; if you could perhaps explain a bit more. Logically speaking two people using the same browser and the same terminal for the same application doesn't make sense, it would be easier to create a general user which grants access to all users (same privileges, same functions). This might be the case but then forcing logout would be pointless as the application doesn't have to logout. For a multi-user setup this is rather pointless imo; if the system has user specific functions & roles (one user is admin while another is a normal user) then common sense dictates that you would logout before allowing someone else, who might be a lower lever user, to work on the computer

Author:  orbdrums [ Fri Mar 23, 2012 12:52 pm ]
Post subject:  Re: User conflict...

I see your point now. I'm developing in a localhost environment and doing some testing that is probably not a real world situation. And besides, if someone doesn't log out then it makes sense that the new session would take precedent. I'm over thinking this as usual. Thanks for the advice and clarity.

Author:  califdon [ Fri Mar 23, 2012 1:03 pm ]
Post subject:  Re: User conflict...


Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/