handling multiple sessions??

"john" wrote:

How do u guys handle multiple sessions??
i.e, opening different browser windows by running
iexplore.exe or clicking IE icons and opening the application. My
sessions are mixing up.
what i mean is
suppose i log in my site using username "test".
At this time I set $_SESSION[’name’]="test".
And I use $_SESSION[’name’] inside my application to print
the
username.
Now if I open another browser & log in with "another test" the session variable is overwritten.Another session is not created.

Do you store the session in database or pass the session_id via get or post.

John, that is by design. You cannot have multiple users logged in
with the same session variable. When you open another browser, it
should not allow login, but say "user is logged in", and allow
logout. Once the user logs out, then the login boxes appear.

--
http://www.dbForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbForumz.com/PHP-handling...ict139652.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbForumz.com/eform.php?p=467184

ma******************@yahoo.com (john) wrote in message news:<4c**************************@posting.google. com>...

How do u guys handle multiple sessions??
i.e, opening different browser windows by running
iexplore.exe or clicking IE icons and opening the application. My
sessions are mixing up.
what i mean is
suppose i log in my site using username "test".
At this time I set $_SESSION['name']="test".
And I use $_SESSION['name'] inside my application to print the
username.
Now if I open another browser & log in with "another test" the session
variable is overwritten.Another session is not created.

Do you store the session in database or pass the session_id via get or
post.

IMO, this question has been asked so many times. You should have
searched the archives
<http://groups.google.com/groups?threadm=abc4d8b8.0312180003.4df5d9f5%40post ing.google.com>

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com

R. Rajesh Jeba Anbiah wrote:

ma******************@yahoo.com (john) wrote in message news:<4c**************************@posting.google. com>...

How do u guys handle multiple sessions??
i.e, opening different browser windows by running
iexplore.exe or clicking IE icons and opening the application. My
sessions are mixing up.
what i mean is
suppose i log in my site using username "test".
At this time I set $_SESSION['name']="test".
And I use $_SESSION['name'] inside my application to print the
username.
Now if I open another browser & log in with "another test" the session
variable is overwritten.Another session is not created.

Do you store the session in database or pass the session_id via get or
post.

It's all well and good to say the question has been asked lots, but it
would be more useful to provide a link to an instance where it has been
answered. When you can't put your finger on the problem (and associated
jargon), it's very difficult to find something in google using general
searches. Because you understand the problem, you take it for granted
that it is easy to find the solution. Not so if you don't understand the
problem. I wish people wouldn't tell other newbies to go Google when
they are genuinely in need of help and are not just being lazy.
For all the reasons you (original poster) mentioned, any web application
is infact a multi-threaded (each page/script request is a thread)
application which has to deal with the issue of "concurrency". This is
not an issue of the technology (in this case, PHP) as much as code
design. You have to design your application in such a way as to deal
with multiple operations happening at unpredictable times in
unpredictable order. PHP session management allows you to centralise
where persistant name/value pairs are stored, but it doesn't solve your
concurrency issues. These issues are broader than any given
language/platform and are widely discussed in many programming forums.
The issue generally revolves around [multi-channel, asynchronous] access
to a central data store. This could be anything from session vars, to a
file on the server, or to a database.

Search google for issues relating to "programming for concurrency"
topics in general. Once you get the concept, then common sense prevails.
You begin to understand why using functions like flock() are relatively
beneficial (be it somewhat flawed given the possible http service model
of your web server).

The fact that the issue actually occured to you is a good sign. I don't
think you will have too many difficulties understanding the problem and
how to deal with it. Many so-called web "developers" never even twig to
race conditions and concurrency. Then they wonder why the get
"unexpected" behaviour and/or corrupt data.

I found an article which mentions that it is good to use the same
database connection resource but that's all I could find that was PHP
specific. Apparently, it is not all that easy to turn up really good
articles in Google. This is all I could come up with in reasonable time.
http://www.devshed.com/index2.php?op...ge=0&hide_js=1
Maybe there is a good reason why people have to keep asking this
question on forums ;) If you have more questions in your quest on this
topic, don't be put off by people telling you to go google. Ask away.
"There is no question `stupider' than the one everyone had but was too
afraid to ask".

Having different sessions with multiple browser instances can be done, but
it requires some less-than-simple effort. To have a different session you
must use a different session id.

Option (a) - you can bypass cookies and pass the session id within every
URL, but this presents a security risk as that session id is clearly visible
to the outside world and can be hijacked.

Option (b) - if you are using cookies (the preferred option) then the
session id is linked with a session name, the default being PHPSESSID. The
solution that I have found is to use a different session name for each
session. This allows the single cookie maintained by the web browser to
contain multiple session id's, each with their own session name.

Step 1 is to override PHP's default session name. I use a .htaccess file
with the following entry:

php_value session.name fred

Step 2 is to include a hidden field called "session_name" in every screen.

Step 3 is to execute the following code at the start of every script:

global $session_name;
if (isset($_REQUEST['session_name'])) {
// use session name passed via $_GET or $_POST
$session_name = $_REQUEST['session_name'];
} // if

Step 4 is to have the following code in your logon script:

// get details from any previous session
if (isset($session_name)) {
// use existing session name
} else {
// assign new session name
$session_name = getNewSession('menu');
} // if
session_name($session_name);
session_start();
session_unset();
initSession();

This uses the following user-defined functions:

function getNewSession ($prefix='fred')
// create a new session name using $prefix + a 1 digit number
{
// step through numbers 0-99
for ($i = 0; $i <= 99; $i++) {
$session_name = $prefix .$i;
if (!array_key_exists($session_name, $_COOKIE)) {
break;
} // if
} // if
return $session_name;
} // getNewSession

function initSession()
// standard session initialisation
{
....
if (!isset($_SESSION)) {
if (isset($session_name)) {
session_name($session_name); // set the session name
} // if
session_start(); // open/reopen session
} // if
....
} // initSession

Note that this will allow a suffix of 0-99 on the end of the session name of
"fred".

Step 5 is to have the following code at the start of every script
(immediately after the code identified in step 2):

initSession();

This has the following effect:

The URL for the logon screen does not contain the parameter "session_name",
therefore the logon screen will always generate a new session name.

The URL for every other screen will contain "session_name", therefore it
will continue to use the session with that name and the session id
associated with that name.

If within a browser window the user creates a copy of that browser window
then the existing session name will also be copied, in which case the same
session will be used by more than one browser instance. This can be remedied
by pressing the "logout" URL which will invoke the login screen which in
turn will generate a new session name and hence a new session id.

As you can see it is not trivial, but it can be done.

--
Tony Marston

http://www.tonymarston.net
"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote in message
news:ab**************************@posting.google.c om...

ma******************@yahoo.com (john) wrote in message
news:<4c**************************@posting.google. com>...

How do u guys handle multiple sessions??
i.e, opening different browser windows by running
iexplore.exe or clicking IE icons and opening the application. My
sessions are mixing up.
what i mean is
suppose i log in my site using username "test".
At this time I set $_SESSION['name']="test".
And I use $_SESSION['name'] inside my application to print the
username.
Now if I open another browser & log in with "another test" the session
variable is overwritten.Another session is not created.

Do you store the session in database or pass the session_id via get or
post.

IMO, this question has been asked so many times. You should have
searched the archives
<http://groups.google.com/groups?threadm=abc4d8b8.0312180003.4df5d9f5%40post ing.google.com>

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com