PHPT Posted August 8, 2023 Share Posted August 8, 2023 (edited) Hi, How to restrict login session across browser windows in PHP. After login if we access the pages that are to be accessed after login in separate tabs or browser windows we are able to access. In all these the login sessions are maintained. How can we restrict the users from accessing the pages that are to be accessed after login using separate browser windows. If they try to access we need to direct them to login page again. How can we do these. Please suggest. Thanks. Edited August 8, 2023 by PHPT Quote Link to comment Share on other sites More sharing options...
requinix Posted August 8, 2023 Share Posted August 8, 2023 PHP can't tell the difference between one tab/window or another. The only option is to restrict all browsing such that the user never even leaves the page at all: by rewriting your site from the ground-up into a single-page application ("SPA"), meaning you're going to set aside a lot of PHP and do the majority of work in Javascript with frameworks like React. And by the way, this is a bad idea. Quote Link to comment Share on other sites More sharing options...
PHPT Posted August 9, 2023 Author Share Posted August 9, 2023 Hi, Thank you for your reply. We are doing performance testing for our PHP web application using jmeter. We are trying to login as different users using each browser windows in chrome. So we asked this query. Quote Link to comment Share on other sites More sharing options...
Drummin Posted August 9, 2023 Share Posted August 9, 2023 (edited) There are a number of way to do this, but one basic way is to define the accepted access "levels" on the page and checking the $_SESSION['secure_level'] which is set at login against the page access level on a common CheckPass page. So on a page you might have <?php session_start(); $sections = array("Agent","Admin"); include 'CheckPass.php'; Then on your CheckPass page you might have something like this if(empty($_SESSION['secure_level']) || !in_array($_SESSION['secure_level'],$sections)){ unset($_SESSION['secure_id']); unset($_SESSION['secure_level']); session_destroy(); header("location: ../login.php"); exit; } EDIT: Guess I misread the op question in that it is not a direct matter of permission but a second login situation. Edited August 9, 2023 by Drummin Edit added, Quote Link to comment Share on other sites More sharing options...
kicken Posted August 9, 2023 Share Posted August 9, 2023 6 hours ago, PHPT said: We are trying to login as different users using each browser windows in chrome If you want to be able to login multiple times for testing, use private browsing windows. Each private browser window will have it's own session. Quote Link to comment Share on other sites More sharing options...
maxxd Posted August 9, 2023 Share Posted August 9, 2023 Firefox has an extension called Multi-Account Containers that allows you to basically sandbox each tab and prevent communication. Much like using private windows, but in tabs. Quote Link to comment Share on other sites More sharing options...
requinix Posted August 9, 2023 Share Posted August 9, 2023 7 hours ago, kicken said: If you want to be able to login multiple times for testing, use private browsing windows. Each private browser window will have it's own session. Not Chrome. All incognito windows share the same session data. Quote Link to comment Share on other sites More sharing options...
requinix Posted August 9, 2023 Share Posted August 9, 2023 14 hours ago, PHPT said: We are doing performance testing for our PHP web application using jmeter. We are trying to login as different users using each browser windows in chrome. So we asked this query. Understand that this is a completely different problem than the one you asked for. Specifically, this is a great example of the X/Y problem: asking about your solution of "how to restrict window/tab sessions in PHP" as a means of accomplishing "we want to run some performance testing using multiple independent Chrome windows". Chrome is capable of running an instance (of the version installed on the computer) using a specific profile directory. It takes a little more setup since you need to create multiple profile directories, but that can be done mostly automatically with appropriate automation. If you're searching the internet for answers then look in the direction of automated UI testing: that universally involves scripting a browser to perform actions, which is what you want to do. Quote Link to comment Share on other sites More sharing options...
kicken Posted August 9, 2023 Share Posted August 9, 2023 3 hours ago, requinix said: All incognito windows share the same session data. Hm, so they do. I could have swore I used that trick in the past, but maybe I just did one regular and one private window. In any case, JMeter doesn't use the browser so there's no problem using it to run requests as multiple users if that's the goal. Each test thread can have it's own session state and thus user. Definitely an X/Y problem here. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.