browser - PHP session overlap

View Original

First I log in with one user and then I open a second tab and log in with other user. Now the problem is that when I go to the tab where I logged in first and refresh it, the username from the second tab overlaps the first one.

I have seen that the two different users have different cookies, but is the second one overlapping the first one, because I try to log in with more than one user on a single machine..My theory is that I am only getting the last session and it sets it everyhwere.So I am wondering how can I make them independent. This is my PHP code for the session of each user: `

<?php

session_start();

if(isset($_SESSION["user_id"]))
{
    $mysqli = require __DIR__ . "/databaseCon.php";

    $sql = "SELECT * FROM users
    WHERE user_id = {$_SESSION["user_id"]}";

    $result = $mysqli->query($sql);

    $user = $result->fetch_assoc();

    $getSessions = $mysqli->query("SELECT sessionName FROM sessions");

}

This is my login script. Once logged in, they will be sent to different pages determined by the roles(student or a teacher):

<?php

$is_invalid = false;
#if we opened the page its set to GET, when we submit POST
if ($_SERVER["REQUEST_METHOD"] === "POST")
{
    $mysqli = require __DIR__ . "/databaseCon.php";

    $sql = sprintf("SELECT * FROM users
        WHERE email = '%s'", 
        $mysqli->real_escape_string($_POST["mail"]));

    $result = $mysqli->query($sql);

    $user = $result->fetch_assoc();

    if ($user)
    {
        if(password_verify($_POST["passw"], $user["password_hash"]))
        {

            session_start();

            session_regenerate_id();

            $_SESSION["user_id"] = $user["user_id"];
            $_SESSION["firstName"] = $user["firstName"];
            $_SESSION["privilege"] = $user["privilege"];

            header("Location: /Controllers/sessionInit.php");
            exit;

        }
    }
    $is_invalid = true;
}



?>

`

Answer

Solution:

When your php program feeds its session cookie to the browser, the browser then uses it, immediately, for all its tabs. So starting a session for Bob disconnects your browser from the session for Alice.

It's common during debugging to want to have two user sessions going at once. When I do that, I do one of three things

  1. Use different browsers for different sessions (Chrome, Firefox, Edge etc).
  2. Use a browser's anonymous mode for the second session.
  3. Set up multiple user profiles in the browser, and use the different profiles for different sessions. This can be clunky, however.

Source
© 2021
E-mail: contact@webdevask.com
Back to top