session blues

[ksmatthews]

Hi All,

 

I am logging into my test site multiple times using different tabs in firefox on the same machine.

I am working as localhost. I set a session var in the login script with the unique username

like this  $_SESSION['loginID'] = $uname;

 

The session ID for each login is exactly the same ..... ?

 

The problem comes when logging out. Only the last logged in person is actually logged out,

I cannot logout each person separately.

 

Does anyone have any suggestions ?

 

here is my logout script ...

 

<?php

 

 

 

/*

 

Created: 05/08/2008

 

Last Modified:

 

Author: steven Matthews

 

 

 

logout script: updates DB and unsets user session cookies

 

*/

 

//required foundation class files and set up

 

require_once ('./config.php');

 

require_once ('./class.database.php');

 

// re-start existing session

 

session_start();

 

 

// instantiate DB class object

 

$odbc = new myDatabase(DB_NAME, USER_NAME, PASSWORD, CONNECT_SQL_ERROR);

 

// update table admins for this user

$SQL = "UPDATE admins SET login_status=FALSE WHERE username=" . $_SESSION['loginID'];

 

$dbResult = $odbc->Run_SQL_query($SQL, TABLE_DATA_ERROR . 'admins');

 

// close DB

 

$odbc->Close_DB();

 

 

 

// Unset all of the session variables.

 

$_SESSION = array();

 

 

 

// delete session cookies.

 

if (isset($_COOKIE[session_name()]))

 

    setcookie(session_name(), '', time()-42000, '/');

 

 

 

// destroy session

 

session_destroy();

 

 

 

// go to login page

 

header( 'Location: ../index.php' );

 

 

 

?>

 

Thanks,

 

Steven M

[MasterACE14]

the session has only been set once. Just because you are running different tabs, doesn't mean each tab has its own identity.

[LemonInflux]

That's a shame, I read the title and thought the Animals were coming back. Ah well.

 

For a start, do you need login status in a database? It just means more queries you probably don't need, and more space you don't need to use.

Another thing, why are you setting a session cookie if the user is logging out:

 

if (isset($_COOKIE[session_name()]))

   setcookie(session_name(), '', time()-42000, '/');

 

----------------

Now playing: Enter Shikari - Kickin' Back On The Surface Of Your Cheeks

via FoxyTunes

[MasterACE14]

why are you setting a session cookie if the user is logging out:

 

if (isset($_COOKIE[session_name()]))

   setcookie(session_name(), '', time()-42000, '/');

 

he's destroying the cookie by setting its expiry date 

[LemonInflux]

oh yeah. Hah, I should probably read what's in a function as well

 

----------------

Now playing: Enter Shikari - Adieu (Routron 5000 Remix)

via FoxyTunes

[MasterACE14]

lol, probably 

 

@ksmatthews: there is no problem with your script, it is working perfectly fine.

[ksmatthews]

Thanks everyone !!

 

Lemoninflux says 'For a start, do you need login status in a database? It just means more queries you probably don't need, and more space you don't need to use.'

 

Can you suggest a viable alternative ?

 

Steven M

[marklarah]

Don't have a login status?

[LemonInflux]

Have a last_active timestamp instead. Query the database every time you need to see who is online. Return all names where this timestamp is less than 5 minutes behind current time. If it is older than 5 minutes, we can assume the user is inactive. If you don't need to show who is online, you don't actually need any of this.

 

----------------

Now playing: Enter Shikari - Acid Nation

via FoxyTunes