cross log in issue

[sofia403]

Hi, I have two login tables for visitors, different login scripts for both

 

Table1 - Username1

 

Table2 - Username2

 

If i login with username1 and then login with username2 without loginout either of them, and if i do a refresh of the page of Username1 i will get transfered to Username2 page (without all the information field, but with all the table names )

 

Basically the previous username gets transfered to the new one that i sign in with even though they in different tables. What is causing this and how can i prevent this? Does that makes sence? I can provide additional information if needed.

 

Oh i also should add - its only an issue if i use same computer to login to different accounts, it works as it suppose to if i use different computers.

 

Thank you.

[sofia403]

could that be a cookie issue?

[WebStyles]

sounds like a cookie or session issue.

 

I betting on something like this simplified example:

 

1. user logs in

2. a session variable is created (or a cookie) with username="john doe", and another one with login="ok" (or something of the sorts)

3. every time a page is accessed (or refreshed), the code looks at the 'login' variable to see if there's a user logged in (login="ok")

4. the the page grabs the username and uses that to get the rest of the information on the user.

 

if you use the same browser (if it works fine on 2 different computers, it will work fine on 2 different browsers) to login again, the variable that holds the username is overwritten. this is basically bad design, as the login page should detect if a user is already logged in, and force a logout before allowing another one. Of course it is possible to create a system that allows multiple logins, but why? two people cannot use the same computer at the same time. Even facebook, google, etc.. will not allow you to login with 2 seperate accounts at the same time on the same computer (same browser).

 

hope this helps

[sofia403]

So can i changed the cookie name by adding session id along with it or something, or i can leave it the way it is?

 

and yes its happening only with same browser. same computer and different browser works no problem.

[WebStyles]

It depends, do you really need to login with 2 different users from the same machine? (even now that you know you can use 2 different browser to get the job done?)

 

[sofia403]

I guess im worried since i have different logins on a website. the way it works now i have several tables and each has unique user name and password so if user will create 2 accounts for 2 separate tables and then log in from same browser that will overwrite one of his sessions.

[WebStyles]

that sounds like a case of bad database design.

 

From what I understand, you have (lets say 2) two different pages, that show 2 different things, and you have 1 user that has access to page 1, and a different user that has access to page 2. (correct me if I'm wrong)

 

you should only have one users table, and a set of permissions for each user. then you can specifically say:

 

user xxxx can access page 1

user yyyy can access page 2

user zzzz can access page1 and page 2

 

 

[sofia403]

that makes sence and yes you exactly right thats how i have it. thats my first time designing this kinda stuff so im still learning along the way. lol.

 

so if i would want to have 2 separate pages that show 2 separate things i can store all my user information in 3rd table and grant permissions which table they can access?

[WebStyles]

ok, imagine something like this: (this is a very basic example)

 

user table: `id`,`username`,`password`,`permissions` with the following values ('1','John Doe', 'xxxxx','NYNN')

you also grab his permissions. You'll have a variable with the values NYNN

 

At the top of each page you set a pageID number that refers directly to the position on the letters in your permissions field. (remember, first letter is position 0 and not 1)

then you check the session variable (or cookie if you stored the info there) to see if that user can access the page he's on:

session_start();
$pageID = 1;
if($_SESSION['permissions'][$pageID] == 'Y'){
  // ok to proceed
}else{
  // permission denied: show error or redirect
}

 

of course, there are much better and efficient ways to do this, but they  would be hard to explain here.

 

hope this helps

[sofia403]

awesome! thanks, i will try this approach.