session problem! I'm getting different session on different browser windows...!!

[yusof_hardy]

ok

I have
[code]session_start(); [/code]

at the top of every page of the site...

The session lifetime is set to 1 hour

On successful log-in, I assign
[code]$_SESSION['userid']=$ID; [/code]



So it means if $_SESSION['userid'] is set, then the user has logged in..

The problem is, after I log-in, I can still open another brower windows and log-in as another user. Apparently, Seperate Session variables are created by different browser windows. I can log-in as different users by opening new windows on the same computer...

It's complicated
Help!!

[kenrbnsn]

Sessions are tied to browser windows. That's how they work.  If you want to restrict the number of users using your script to one per machine, you will have to look into other methods of validation and tracking like using cookies.

Ken

[yusof_hardy]

Thanks!!  :)

So how does a typical log-in system should implement?

Combination of session and cookie?


Pls help me..

[Petsmacker]

I only use cookies for my log-in and log-out systems. They're far more reliable and convenient.
Look into the setcookie() function and change the $_SESSION variables on your page to $_COOKIE

Sessions are unreliable for log in stuff. You should also have a 'password' cookie as well with an encrypted password. Otherwise people could simply use software to edit the 'userid' cookie to whatever they want and then be logged in as anybody else.