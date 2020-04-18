I’m at the point of testing my website with 2 users logged in and ran into a frustrating problem. I log in on one device as User A, all goes well. But I log in on another device as user B, it logs them in fine, but suddenly user A’s session info reflects the session info of user B. So user B is now logged into both devices. And these are entirely different devices. One is a laptop running on windows, another is a phone running on android. I can even confirm when printing the session id that user B’s session is the active session for both accounts.
In my login page:
if(session_status() == PHP_SESSION_ACTIVE)
{
echo "SID=" . session_id() . "<br>";
}
var_dump($_COOKIE);
In my verifylogin page:
if(session_status() == PHP_SESSION_NONE)
{
session_id($_POST['Username']);
session_start();
session_regenerate_id(true);
}
and in my home page after login:
if(session_status() == PHP_SESSION_NONE)
{
session_start();
}
I had session_start() in my login page originally but after reading stuff took it out and decided not to start the session until the verifylogin script. session_start() is supposed to automatically create a different session for each new client so I’m confused why thats not happeneing