1

I'm new to PHP, I read other articles without finding the answer I'm looking for, but still don't know if what I want to do makes sense or not.

I'm using PHP 7.

My user authentication page, checks credentials and then executes session_start(), creating the session server-side and a cookie client-side in the browser.

Each other page of the web application then calls session_start() to resume session information, in this case checking the cookie. Everything works fine so far... at least when I have a single login.

I'd like to be able to have more than one user SIMULTANEOUSLY logged in the same browser (on another tab for example.) using cookie. I don't want to append the session ID to the URL.

I managed to create different session on the server-side using session_id() before session_start() in the authentication page based on username, but the problem is on the client side.

The first successful login (session_start()) creates a cookie and the second login updates the same cookie corrupting the previously created session.

Therefore when it comes to resume the session, session_start() will resume only the last session, mixing the data fetched from DB based on session info.

Is there a way to make session_start() create a cookie for each login and make PHP resume the correct session using cookies?

Any ideas?

FURTHER DETAILS: I'm updating a legacy app trying to fix some security issue. The need for multiple sessions comes from administrative purposeses where admins access the same site. The reason why it's needed a separation of session is that depending of the session info, the data are fetched from a different database. Therefore, a regular usage would only need one session per user, but the administrator he needs to make multiple logins viewing different data depending on that login.

Improve this question
3
  • I guess this will help you stackoverflow.com/questions/24964699/… Commented Nov 25, 2016 at 9:46
  • Possible duplicate of Multiple PHP Sessions Commented Nov 25, 2016 at 9:54
  • Do you want to use this during development? Or is this for the end user and the finished site? Commented Nov 25, 2016 at 10:47

2 Answers 2

Reset to default
1

You can use the same session but change the variable names that you are looking for:

if ( $_SERVER['REQUEST_URI'] == '/admin/' ):
    $session_name = 'session1';
else:
    $session_name = 'session2';
endif;
session_start( $session_name );
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The default PHP behaviour is to handle sessions using cookies.

..and the default behaviour for browsers is to "reuse" the same set of cookies if you revisit an URL in another tab.. So, like mentioned below:

  • The simple way probably is to start another browser. Not the same browser but like firefox and chrome, if you have multiple browsers installed.
  • Another way would be to install a browser plugin, like Sessionbox for Chrome or Multifox for Firefox.

Edit, for clarity: I can think of two cases when multiple sessions would be used:

  • During development. Depends on the application, but an obvious case would be testing communication between two users.
  • After deployment. Though I've never seen a site that required multiple logins for the same user account.

This is my frame of reference. Based on this I assumed the question was for development. I'm not suggesting that the site should require installing extra packages. Flash would be about the only one that's ever gotten away with that..

Improve this answer

7 Comments

So you would suggest that users of your program install a second browser or a plugin??? Nice...
@Auris Total disclaimer for possibly misunderstanding his intentions. I assumed this was to be used by him during development. Of course end users shouldn't have to install things to use the site(exception: flash?) But I've never experienced a site where ordinary users have to login multiple times..
You can achieve multiple sessions if you use separate session cookies (even on the same site). And as for his question, I believe he is asking about how to build that :)
@Auris It's possible he is. But who knows more than him? It's not crystal clear, so answers for different cases should be allowed. And you're right, multiple sessions can definitely be handled&supported, I know that. But I'm curious as to why one would want that in the PHP code. Also, I tried to "clear the fog" about some of the session corruption/clientside issues he mentions.
There are cases, when you are forced to implement multi sessions, when you are working with large legacy apps and rewriting the whole app is not available. If you need to do that for a new app, than there is a fundamental flaw in your app's architecture.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.