PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Mon Oct 14, 2019 8:13 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 10 posts ] 
Author Message
 Post subject: User conflict...
PostPosted: Wed Mar 21, 2012 1:54 pm 
Offline
Forum Commoner

Joined: Wed Sep 14, 2011 11:42 pm
Posts: 82
I have a site that allows members to log in. If a member is logged in and another browser session is started with another member logging in, the second member becomes the active member on the first browser session effectively hijacking the first members account. I'm not sure which code is allowing this to happen. Does anyone have a suggestion?
Thanks.


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Wed Mar 21, 2012 5:13 pm 
Offline
DevNet Master
User avatar

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Wed Mar 21, 2012 5:51 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Wed Mar 21, 2012 9:54 pm 
Offline
Forum Commoner

Joined: Wed Sep 14, 2011 11:42 pm
Posts: 82
Thanks for the replies and here is more info. I am using Safari and it is the same browser session in a different tab on the same computer. What I'm trying to avoid is a member logging in on one tab and another member logging in another tab on the same computer which causes the conflict. Is there a way to make a user log off before another user logs in on the same computer? That would take care of the issue.


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Thu Mar 22, 2012 2:31 am 
Offline
DevNet Master
User avatar

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Thu Mar 22, 2012 12:14 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
I think you have a fundamental question to ask yourself: how can you possibly know whether it is the same or a different person who is using the same computer and the same browser, merely opening a new tab? That's exactly the same as the same person just deciding to sign on as a different user.

What you could do, I suppose, is (as part of your login page) check to see if a user is already logged on in the current session, and not allow another login until the currently logged-in user has logged out.


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Thu Mar 22, 2012 10:26 pm 
Offline
Forum Commoner

Joined: Wed Sep 14, 2011 11:42 pm
Posts: 82
Here is the auth.php file. I'm not real sure what code (or even the logic) to add to this file.

Syntax: [ Download ] [ Hide ]
<?php
        session_start();
       
        if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == ''))
        {
                header("location: access-denied.php");
                exit();
        }
?>


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Fri Mar 23, 2012 2:28 am 
Offline
DevNet Master
User avatar

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
If you were to follow my advice you would place the code on your login page;
Syntax: [ Download ] [ Hide ]
<?php
 $_SESSION = array();
 // or
 unset($_SESSION);
?>

This unsets (removes) any session variables that exists: this would then log out any person logged in on the same browser.

I don't understand the necessity for this sort of measure; if you could perhaps explain a bit more. Logically speaking two people using the same browser and the same terminal for the same application doesn't make sense, it would be easier to create a general user which grants access to all users (same privileges, same functions). This might be the case but then forcing logout would be pointless as the application doesn't have to logout. For a multi-user setup this is rather pointless imo; if the system has user specific functions & roles (one user is admin while another is a normal user) then common sense dictates that you would logout before allowing someone else, who might be a lower lever user, to work on the computer

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Fri Mar 23, 2012 12:52 pm 
Offline
Forum Commoner

Joined: Wed Sep 14, 2011 11:42 pm
Posts: 82
I see your point now. I'm developing in a localhost environment and doing some testing that is probably not a real world situation. And besides, if someone doesn't log out then it makes sense that the new session would take precedent. I'm over thinking this as usual. Thanks for the advice and clarity.


Top
 Profile  
 
 Post subject: Re: User conflict...
PostPosted: Fri Mar 23, 2012 1:03 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group