had an issue, sessions

[Ninjakreborn]

I just ran into a difficult problem, that might have destroyed the integrity of my entire site.  I have sessions set up for people to login with, it runs off sessions.
On the admin page I have the sessions running off there too, but unfortunately, it overwrites each other, when I am logged in on one browser, you see if I have a browser here and I login to my test account, then I login to her admin account.  When I log out of my user test account it kills the sessions in her admin account, is this just because I am using hte same browser or will it happen to her everytime anyone logs out, because i Have session_destroy();
set on a page, when they logout it kills the session, but I was thinking this will also cause problems now with other user's because if someone logs out then everyone in the world that is logged in get's there session killed, a lot of people will be pissed?
what is going on here?

[bltesar]

I don't understand how you can be logged into two differnet accounts simultaneously in one browser window?  If you login as test and then as admin, how can you then logout the test account?  Please provide more info on how your system is set up.

[wildteen88]

If you are using the same browser in two seperate windows on the same PC on a site that uses sessions, then the same session is going to be served for both browser windows, as you are using the same client that used that the session was created on. If you used a completly different browser say IE and FF then PHP will give each browser a seperate session. This shouldnt affect other peoples sessions that are visiting the site from a different location.

[Ninjakreborn]

I know I just checked to make sure it was I contacted her and ran a test on it, it worked right, I was unaware it happened like that.

[bltesar]

Are you sure about that?  In my experience, two instances of the same browser create two separate sessions.  I just tested it with I.E.  However, if the second instance is opened by the first, they will share the same session.

[SharkBait]

If you're using IE Beta 7 and/or Firefox.  The sessions will stay within the tabs.  Opening a new tab wont allow for a new session to be created.

But if you are using difference instances of the browser, they're supposed to start new sessions.

Its how I test, I have FireFox open with one account on a site, then have IE open the same site but use a different account.

[Liquid Fire]

I can assure you that in FF, you can have any many tabs as you like and they all share the same sessions.  I know this because at work, our intranet has a website that requires login to accesd any page of it.  Once I log into the account from one tab, I can open up as many other tabs and go to any pages witout having to log in again.

[bltesar]

To be safe, then, it is best to not allow more than one user to login from the same browser.  When a login attempt is made, I check for existing sessions, and either alert the user or logout the existing session and cleanup variables. 

[Liquid Fire]

witht eh suggestion above i woudl think alerting thuser that they are already logged in is better for secruity reason because of
A. if they are logged in and someone is try to break in there accoutn they can do it easily without the real user know, all the real user will think is the the website is not working correctly because (s)he keep getting kicked off for no reason knwo to (s)he
and
B. if someone else is on the account and the real user is trying to log in (s)he can let the admin that someone has been in their account.  ofcourse this method is could just be the the session is not get killed right.
just my opinion.