Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

Multiple PHP sessions within the same browser instance

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Multiple PHP sessions within the same browser instance
# 1  
Old 08-11-2004
Multiple PHP sessions within the same browser instance
Dear all.....

I am currently writing a Help-Desk / Knowledge Base application using PHP/PostGreSQL.

I authenticate the user using a quite elaborate mechanism of cookies. The problem is that using cookies (I also have a version using sessions with the same problem), I can only seem to get one user logged in from any one browser instance. (Why would I want to be logging in as two users from one browser/IP? In case I want to open another browser tab, log in as "root" or whoever, and do some administration without logging out of my other session.)

For example, say I fire up Firefox, and log into my application. A session is started for the browser. I open another tab, and login as a different user, the session (and any session variables) are "overwritten" by this new session.

I have made a workaround for the time being, by writing IP addresses and usernames to a table, and only allowing one login from any one IP address. The problem here is that if the user forgets to logout, then session_destroy() (or manual cookie cleanup, depending on the version of my application) is never called, and when I roll this out the user will be calling the DBA/SA (me!) and I'd have to DELETE FROM ip_addr WHERE username = 'blah' AND ip_addr = 'xxx.xxx.xxx.xxx' to get rid of the entry and remove the lock - something I don't want to be doing for 150 users!!!!

In short, does anyone know a way to allow multiple independant sessions with independant session IDs from the *same* browser instance?

Any help would be greatly appreciated. If not, I can still stick to my one-login-per-IP method, as all our clients use different IP addresses and the proxy is bypassed on the local network.
# 2  
Old 08-11-2004
is your database set up with a column called "privilages" or something (i.e. normal user or admin stored in here )

if so when the user logs in it saves the data to a cookie.... can't you just do an if statement doing something like
if user privilages are admin then store as a cookie called "adminCookie" else store as "userCookie", this might get around the problem, only if you are having 1 session as a user and another as an admin, but more than 1 session as a user or admin still wont work as it overwrites the cookie when you log in.

hope this helps, my brain is frazzled from work so don't know if i explained that well enough

good luck

Mark
# 3  
Old 08-11-2004
I am fiddling around with variations of this now.... However, I have a set of columns in the users table that govern various permissions over the DB, (e.g. can create categories, can edit items, can delete items, etc, etc). So I can't really break it down into either admin or users, as I want to assign each user fine grained permissions - this is what makes setting the cookie (and then getting the page to render accordingly) quite difficult. As you say, if you login as somebody else the cookie gets clobbered and the "old" session assumes the values stored in the "new" sessions cookie.

It also becomes complicated when reading in cookie values. Say i'm logged in as both a user and an admin, and I try to remove an entry as the user, if the admin cookie exists as well, isn't it going to be a pain to decipher what's going on? (Because the script will be saying "if admin cookie exists - allow, else disallow), but both cookies will exist?

I think as a workaround for now, I will have to stick to limiting the thing to a single session per IP address. It's kludgy but will work. I think that it's just as easy to log out, and then log back in as a user with appropriate priveledges to do whatever needs doing. I've also set up a series of cookies that are set to various crypt()ed values to stop a user trying to forge a cookie with elevated priveledges and everything seems pretty secure at the moment.

Let me know if you come up with anything more (or if I've got the wrong end of the stick) - I'm still open to ideas and am still hacking around.

Thanks again,

Cheers
ZB
# 4  
Old 08-12-2004
Did you try something like this?

Set cookie:
PHP Code:
<?php

// include function files for this application
require_once('fns.php'); 
session_start();

//create short variable names
$username $HTTP_POST_VARS['username'];
$passwd $HTTP_POST_VARS['passwd'];

if ($username && $passwd)
// they have just tried logging in
{
    if (login($username$passwd))
    {
      // if they are in the database register the user id
       if( $username == "Administrator"){
            $HTTP_SESSION_VARS['admin'] = $username;
            setcookie("cookie[$username]","Admin",time() + 10000000,'/','.website.com',0);
       }else{
            $HTTP_SESSION_VARS['valid_user'] = $username;
            setcookie("cookie[$username]",session_id(),time() + 10000000,'/','.website.com',0);
       }  
    }else
    {
      // unsuccessful login
      do_html_header('Problem:');
      echo 'You could not be logged in. 
            You must be logged in to view this page.';
      do_html_url('login.php''Login');
      do_html_footer();
      exit;
    }      
}
?>
Validate cookie
PHP Code:
<?php
if(isset($_COOKIE['admin'])) {
  echo "<p>Hello Administrator</p><br />";
  echo $_COOKIE['admin'].'<br />';
  // after the page reloads, print them out
  if (isset($_COOKIE['cookie'])) {
    foreach ($_COOKIE['cookie'] as $name => $value) {
      echo "$name : $value <br />\n";
    }
  }
}elseif(isset($_COOKIE['valid_user']){
  echo "<p>Hello user</p><br />";
}

}else
  echo "<p>no cookie for you</p>";
?>
I would think for each admin task do an isset($_COOKIE['admin']).
# 5  
Old 08-13-2004
I've got it sorted now, thanks.

I'm using session variables instead of cookies now, and call....
PHP Code:
function check_admin_permission() {
   if ( $_SESSION'p_comp' ] == 'Y' ) {
       return true;
   } else {
       return false;
   }

to check and then

PHP Code:
$username $_SESSION'user' ];
if ( check_admin_permission() ) {
   print "<b>Welcome $username - You are an administrator</b><br />\n";
   print_admin_menu();
} else {
   // standard user
   print "<b>Welcome $username</b><br />\n";
   print_standard_menu();

and so on. I can then easily validate things on each page.

Cheers to everyone for their help.

Peace
ZB
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX and Linux Applications

Configuring mysql for multiple instance only

Hello. I plan to use mysql with only instance database so I can stop one database for maintenance without stopping every thing. When one reads through the my.cnf config file, it is not clear if we must use at the same time a single database mysql plus any instances mysqld2 (for app1), mysqld3... (1 Reply)
Discussion started by: jcdole
1 Replies

2. Shell Programming and Scripting

Sessions across multiple scripts.

I wish to be able to pass PHP values between multiple scripts. In each script, I have the following before any HTML code: <?php session_start(); session_name("STORE"); session_set_cookie_params( 'lifetime', '/var/www' ); session_id('Gingy'); ... (1 Reply)
Discussion started by: Meow613
1 Replies

3. Red Hat

multiple ssh sessions

Hi, I use OpenSSH to log on to a RH server but when I enter the password 2 session windows appear. I only need one so can anyone advise where I can rectify this? R, D. (2 Replies)
Discussion started by: Duffs22
2 Replies

4. AIX

Multiple sessions with xming

Hi. I installed xming to access to my servers but I have a problem : i can only have one session at a time ... i don't find any parameter to change this. Tks (3 Replies)
Discussion started by: stephnane
3 Replies

5. Shell Programming and Scripting

Multiple instance in tomcat

I need to install a tomcat6 with multiple instances like instance1,instance2 and instance3 in a server. I came to know that for that we need to install tomcat6,apache2.0,mod_jk1.2 and jre with tools.jar installed.And we need to create multiple instances with same web.xml and difference... (0 Replies)
Discussion started by: tuxslonik
0 Replies

6. UNIX for Advanced & Expert Users

Multiple Instance Of Same Process

Hi Everyone, I am using solaris 5.10. I have a java process running in server mode in unix. The problem is that it automatically forks i.e creates a child process. I mean suddenly two instances of that process start running , in which the process-id of first instance is the parent... (5 Replies)
Discussion started by: glamo_2312
5 Replies

7. UNIX for Dummies Questions & Answers

Multiple instance of same process

;)Hi Everyone, I am using solaris 5.10. I have a java process running in server mode in unix. The problem is that it automatically forks i.e creates a child process. I mean suddenly two instances of that process start running , in which the process-id of first instance is the parent... (0 Replies)
Discussion started by: glamo_2312
0 Replies

8. UNIX for Advanced & Expert Users

Multiple Sessions with FTAM

Just a quick question, Can I establish Multiple Sessions between two machines using FTAM? Regards, Gaurav Goel (0 Replies)
Discussion started by: gauravgoel
0 Replies

9. Shell Programming and Scripting

Creating multiple sessions

I have a program which gets an input file (which contain a list of objects) and processes the objects one by one sequentially. However when there are many objects it is faster to split the input into smaller lists and run the program in multiple terminal sessions simultaneously. I want to know if... (2 Replies)
Discussion started by: stevefox
2 Replies

10. Solaris

Restricting Multiple loggin sessions

Any idea as to how multiple loggin sessions by the same user (using Hyper terminal/Telnet) be restricted in Sun Solaris 8. Rgds Naushi (10 Replies)
Discussion started by: Naushi
10 Replies
Login or Register to Ask a Question