browser - PHP session overlap
First I log in with one user and then I open a second tab and log in with another user. Now the problem is that when I go to the tab where I logged in first and refresh it, the username from the second tab overlaps the first one.
I have seen that the two different users have different cookies, but is the second one overlapping the first one because I try to log in with more than one user on a single machine? My theory is that I am only getting the last session and it sets it everywhere. So I am wondering how I can make them independent. This is my PHP code for the session of each user:
```php
<?php
session_start();
if (isset($_SESSION["user_id"]))
{
    $mysqli = require __DIR__ . "/databaseCon.php";
    // Load the row for whichever user this session currently holds
    $sql = "SELECT * FROM users
            WHERE user_id = {$_SESSION["user_id"]}";
    $result = $mysqli->query($sql);
    $user = $result->fetch_assoc();
    $getSessions = $mysqli->query("SELECT sessionName FROM sessions");
}
```
This is my login script. Once logged in, they will be sent to different pages determined by the roles (student or teacher):
```php
<?php
$is_invalid = false;
# The request method is GET when the page is first opened and POST when the form is submitted
if ($_SERVER["REQUEST_METHOD"] === "POST")
{
    $mysqli = require __DIR__ . "/databaseCon.php";
    $sql = sprintf("SELECT * FROM users
                    WHERE email = '%s'",
                    $mysqli->real_escape_string($_POST["mail"]));
    $result = $mysqli->query($sql);
    $user = $result->fetch_assoc();
    if ($user)
    {
        if (password_verify($_POST["passw"], $user["password_hash"]))
        {
            // Resumes the session named by the browser's cookie, if it sent one
            session_start();
            session_regenerate_id();
            $_SESSION["user_id"] = $user["user_id"];
            $_SESSION["firstName"] = $user["firstName"];
            $_SESSION["privilege"] = $user["privilege"];
            header("Location: /Controllers/sessionInit.php");
            exit;
        }
    }
    $is_invalid = true;
}
?>
```
Answer
Solution:
When your PHP program feeds its session cookie to the browser, the browser then uses it, immediately, for all its tabs. So starting a session for Bob disconnects your browser from the session for Alice.
It's common during debugging to want to have two user sessions going at once. When I do that, I do one of three things:
- Use different browsers for different sessions (Chrome, Firefox, Edge, etc.).
- Use a browser's anonymous mode for the second session.
- Set up multiple user profiles in the browser, and use the different profiles for different sessions. This can be clunky, however.
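
Added example, not part of the original question or answer: a small Python model of the behaviour described above, with one cookie jar per browser profile and one server-side record per session ID. The `Server` and `Profile` classes and the users "alice" and "bob" are constructed for illustration; `PHPSESSID` is PHP's default session cookie name.

```python
import secrets

class Server:
    """Stand-in for the PHP app: one server-side record per session ID."""
    def __init__(self):
        self.sessions = {}                  # session ID -> session data

    def login(self, cookie, user_id):
        # session_start(): resume the session named by the cookie, if any
        data = dict(self.sessions.get(cookie, {}))
        # session_regenerate_id(): same data under a fresh ID (the old
        # record is left in place, as with the default argument)
        new_id = secrets.token_hex(16)
        data["user_id"] = user_id           # overwrites any earlier user
        self.sessions[new_id] = data
        return new_id                       # sent back as Set-Cookie

    def whoami(self, cookie):
        return self.sessions.get(cookie, {}).get("user_id")

class Profile:
    """One browser profile: a single cookie jar shared by all of its tabs."""
    def __init__(self, server):
        self.server = server
        self.jar = {}                       # cookie name -> value for this site

    def login(self, user_id):               # may be called from any tab
        old = self.jar.get("PHPSESSID")
        self.jar["PHPSESSID"] = self.server.login(old, user_id)

    def refresh(self):                      # may be called from any tab
        return self.server.whoami(self.jar.get("PHPSESSID"))

def shared_profile():
    """Two tabs in one profile: the second login replaces the first."""
    browser = Profile(Server())
    browser.login("alice")                  # tab 1
    browser.login("bob")                    # tab 2
    return browser.refresh()                # tab 1 refreshed

def separate_profiles():
    """Different browser, private window or profile: one jar each."""
    server = Server()
    first, second = Profile(server), Profile(server)
    first.login("alice")
    second.login("bob")
    return first.refresh(), second.refresh()

if __name__ == "__main__":
    print(shared_profile())
    print(separate_profiles())
```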