sofia403 Posted November 10, 2013 Share Posted November 10, 2013 I have a problem with login system. I have two users, userA and userB in the same computer. userA enters to his account in one browser; userB gets access to his account in the same browser. My system thinks that now userB is also userA and userA is still connected to its own account but his name appears as userB. If these two users get access into different browsers, there is NO problem. Do you have any idea how would i fix this so that users are restricted to only having one account the logged in to from one browser window? thanks Welcome.php <? session_start(); session_id(); if (empty($_SESSION['username'])){ header("location:login.php"); exit; } ?> login.php <? include('config.php'); session_start(); if(isset($_GET['reg'])){ $reg=$_GET['reg']; }else{ $reg=""; } if($reg==1){ $msg1="<font color=\"#009900\"><b>Your account has been created, please login</b></font>"; }elseif($reg==2){ $msg1="<font color=\"#009900\"><b>You have been successfully logged out.</b></font>"; } if(isset($_POST['submit'])){ if( empty($_POST['uname']) && (empty($_POST['upass']))){ header( "Location:Messages.php?msg=1" ); exit(); } //transfer to shorter var $n=mysql_real_escape_string($_POST['uname']); $p=mysql_real_escape_string($_POST['upass']); //put in session vars $mytime=time(); $mytime=date("H:i:s A",$mytime); $_SESSION['time'] = $mytime; $_SESSION['status'] = 'logged'; $_SESSION['username'] = $n; //goto next page header("location:welcome.php"); exit; }else{ $_SESSION['status'] = 'not logged'; header( "Location:Messages.php?msg=2" ); exit(); } } ?> Quote Link to comment Share on other sites More sharing options...
requinix Posted November 10, 2013 Share Posted November 10, 2013 (edited) I have a problem with login system. I have two users, userA and userB in the same computer. userA enters to his account in one browser; userB gets access to his account in the same browser. My system thinks that now userB is also userA and userA is still connected to its own account but his name appears as userB.I don't know how that's even possible. Same browser on the same computer? You can't have two users logged in at the same time unless you specifically allow for multiple people to be logged in at once. The two people will be using the same set of cookies, so after user A logs in, if user B tries to browse (that is, user A gets up out of the chair and lets user B sit down at the computer instead) then they will still be logged in as user A. How is that possible? Because the computer, the browser, and your website doesn't know that it's physically a different person. If user B now tries to log in, either a] that's not possible because they're already logged in and there shouldn't be a way for a second user to log in while a first user is already, or b] the user now logged in will be user B and user A is gone... unless you have a bug in your system where not all the user A information is lost (but I don't see that in the code you've posted). Edited November 10, 2013 by requinix Quote Link to comment Share on other sites More sharing options...
sofia403 Posted November 10, 2013 Author Share Posted November 10, 2013 Thanks for reply. I will try to explain this again maybe it will make a little more sense at what I'm trying to achieve. Again lets say we have two users(UserA and UserB) who use the same computer at home. They both use the same browser to access a website, but each have their own account. Now UserA logs in to edit his profile in one tab, then while he is still logged in user UserB tries to edit her profile using the same browser only using a different tab. When UserB loged in to her account and if we go back to UserA tab and refresh it it will beUserB information. Im trying to prevent this from happening. So if one person is still logged in in one tab, the other person would be restricted to log in or the first one would be restricted to view the information about the second. does that make sense? Quote Link to comment Share on other sites More sharing options...
requinix Posted November 10, 2013 Share Posted November 10, 2013 You can't know whether someone is still "logged in" on a tab or window. This is one of those situations where you can't really solve it using code. It's a problem with the actual person (people) sitting at the computer. "Problem exists between keyboard and chair" as they say: the two people know damn well that they are both using the same browser and same computer, and if they leave themselves logged in then they can't assume you're somehow going to magically know that it's a different person sitting in front of the computer. What you can do is prevent user A from being able to make changes to user B's profile: require a password to make changes. User A won't know the password so they can't do anything. Quote Link to comment Share on other sites More sharing options...
KaiSheng Posted November 11, 2013 Share Posted November 11, 2013 Guru is right, absolutely. Lol. Quote Link to comment Share on other sites More sharing options...
Solution sofia403 Posted November 11, 2013 Author Solution Share Posted November 11, 2013 ok, thank you guys, much appreciate the advise Guru. have an awesome day Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.