sessions - two with same session ID as the same time

"windandwaves" <wi*********@coldmail.com> wrote in message
news:ti********************@news.xtra.co.nz...

Hi Folk

I just had a brainwave. I leave a session cookie on someone's machine so
that I recognise them (with their session ID in the cookie) when they come
back, I also offer them the option to have an email sent to their email
address with a link that sets the session ID to the one in the emailed
link so that they can open their account from another computer.

Now, my question is, can you have two users on different computers be on
the website at the same time with the same session ID?

There's nothing to stop you trying it out! Remember, you can use two
different browsers on one machine to simulate two computers for testing
purposes.

If there's a mechanism for logging in, then that's completely unnecessary...
do you have that?

I'm not sure I understand what you're actually trying to achieve ;)

d wrote:

"windandwaves" <wi*********@coldmail.com> wrote in message
news:ti********************@news.xtra.co.nz...

Hi Folk

I'm not sure I understand what you're actually trying to achieve ;)

I guess what I am wondering if it is a (potential) problem if two people are
using the same session ID and if so, what are these problems.

TIA

- Nicolaas

if you are using a login mechanism (mysql, flat-file, whatever) store
this session information where you have control over it - you cannot
rely on the user being on the same computer everytime they access your
site. (ie: home computer, work computer, etc...)

Michael Austin
Consultant

windandwaves wrote:
<snip>

I guess what I am wondering if it is a (potential) problem if two people are
using the same session ID and if so, what are these problems.

Google for session hijacking.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

"windandwaves" <wi*********@coldmail.com> wrote in message
news:to********************@news.xtra.co.nz...

d wrote:

"windandwaves" <wi*********@coldmail.com> wrote in message
news:ti********************@news.xtra.co.nz...

Hi Folk I'm not sure I understand what you're actually trying to achieve ;)

I guess what I am wondering if it is a (potential) problem if two people
are using the same session ID and if so, what are these problems.

If you use a non-locking session handler (ie no the default file-based
sessions), you'll technically be ok. Whether it's a good idea or not is up
to you ;)
TIA

- Nicolaas

>I guess what I am wondering if it is a (potential) problem if two people are

using the same session ID and if so, what are these problems.

They have the same set of session variables, which they both change.

This can be a problem with, say, a shopping cart application.
You could end up with one frustrated user repeatedly adding
a football jersey and deleting knitting needles, and the other
user repeatedly adding knitting needles and deleting the football
jersey.

Depending on how you handle logouts, if one logs out, it kills the
session for the other one.

If you have a "password change" feature, either user probably ends
up changing the password for both.

If the site has a mailbox feature, they share the same mailbox, read
each other's mail, and send mail from the same identity.

Gordon L. Burditt