I’m at the point of testing my website with 2 users logged in and ran into a frustrating problem. I log in on one device as User A, all goes well. But when I log in on another device as User B, it logs them in fine, but suddenly User A’s session info reflects the session info of User B. So User B is now logged into both devices. And these are entirely different devices. One is a laptop running on Windows, another is a phone running on Android. I can even confirm when printing the session id that User B’s session is the active session for both accounts.
In my login page:
if (session_status() == PHP_SESSION_ACTIVE)
{
    echo "SID=" . session_id() . "<br>";
}
var_dump($_COOKIE);
In my verifylogin page:
if (session_status() == PHP_SESSION_NONE)
{
    session_id($_POST['Username']);
    session_start();
    session_regenerate_id(true);
}
and in my home page after login:
if (session_status() == PHP_SESSION_NONE)
{
    session_start();
}
I had session_start() in my login page originally but after reading stuff took it out and decided not to start the session until the verifylogin script. session_start() is supposed to automatically create a different session for each new client so I’m confused why that’s not happening.
Also, using 2 different browsers, I can get it to work fine on localhost, so not sure if my server configuration is off or what. I can verify that a new sess_xxxxx file is getting created for the separate logins. But it seems to only be able to have one active at a time.
Got it error free, still overwriting the session so the last person I log in ends up logged in on all devices, and all browsers. Am I supposed to store the session id for the user and use that to access their specific session?
I am unable to understand exactly what you are trying to achieve and am convinced that the majority of the script is not necessary. With sessions I usually:
test and set session only if sessions are not set
test for particular session parameters and set only if required
a session is unique to each browser
<?php declare(strict_types=1);
error_reporting(-1); // maximum errors
ini_set('display_errors', '1'); // show errors on screen - DO NOT SET ONLINE
if( isset( $_SESSION ) ) :
    // this page has been included/required by another page
    // STARTING ANOTHER SESSION WILL GENERATE ERRORS
else:
    // LOOKS LIKE A STANDALONE PAGE
    session_start();
endif;
// only set if required
$_SESSION['title'] = $_SESSION['title'] ?? 'TITLE NOT SET???';
I played about with your script and created the following index-001.php test page which can be copied and renamed to index-002.php. Variables $home, $page, $clr1 and $clr2 require changing in order to get the second page to toggle.
I know, according to PHP documentation it should automatically create a unique session for every client but I got it working. I create a unique id, set it as the session id, start the session, then store the id in a cookie. So on main pages I grab the cookie, set session id to its value, and start the session.
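
The login flow discussed in this thread, as an added example that is not part of any post: it lets PHP issue the session ID instead of taking it from the username or a self-made cookie, because an ID supplied by the client is predictable and can be chosen by someone else (session fixation). The file name, the `Password` field, `check_credentials()`, `home.php` and the user table are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical verifylogin.php (added example, not code from the thread).

// Constructed user store; a real site would read stored hashes from its database.
function demo_users(): array
{
    return [
        'userA' => password_hash('demo-password-A', PASSWORD_DEFAULT),
        'userB' => password_hash('demo-password-B', PASSWORD_DEFAULT),
    ];
}

function check_credentials(string $user, string $pass): bool
{
    $users = demo_users();
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Reject session IDs the server did not issue, and carry the ID in a cookie only.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);

// No session_id(...) call here: PHP generates a random ID for each new client.
session_start();

$user = (string)($_POST['Username'] ?? '');
$pass = (string)($_POST['Password'] ?? '');   // 'Password' field name is assumed

if (!check_credentials($user, $pass)) {
    http_response_code(401);
    exit('Login failed');
}

// Replace the pre-login ID with a fresh one and delete the old session data,
// then bind the account to the session contents, not to the ID itself.
session_regenerate_id(true);
$_SESSION['user'] = $user;

header('Location: home.php');   // hypothetical page name
exit;
```

Pages behind the login then only call `session_start()` and check `$_SESSION['user']`; they never set the session ID themselves.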