Jump to content

How to restrict login session across browser windows in PHP

PHPT

By PHPT
in PHP Coding Help

 Share

Recommended Posts

PHPT Newbie

PHPT

Posted
Posted (edited)

Hi,

How to restrict login session across browser windows in PHP.

After login if we access the pages that are to be accessed after login in separate tabs or browser windows we are able to access. In all these the login sessions are maintained.

How can we restrict the users from accessing the pages that are to be accessed after login using separate browser windows. If they try to access we need to direct them to login page again. How can we do these.

Please suggest. Thanks.

Edited by PHPT
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

PHP can't tell the difference between one tab/window or another. The only option is to restrict all browsing such that the user never even leaves the page at all: by rewriting your site from the ground-up into a single-page application ("SPA"), meaning you're going to set aside a lot of PHP and do the majority of work in Javascript with frameworks like React.

And by the way, this is a bad idea.

Link to comment
Share on other sites
PHPT Newbie

PHPT

Posted
  • Author
Posted

Hi,

Thank you for your reply. 

We are doing performance testing for our PHP web application using jmeter. 

We are trying to login as different users using each browser windows in chrome. So we asked this query. 

 

Link to comment
Share on other sites
Drummin Member

Drummin

Posted
Posted (edited)

There are a number of way to do this, but one basic way is to define the accepted access "levels" on the page and checking the $_SESSION['secure_level'] which is set at login against the page access level on a common CheckPass page. So on a page you might have 

<?php
session_start();
$sections = array("Agent","Admin");
include 'CheckPass.php';

Then on your CheckPass page you might have something like this 

if(empty($_SESSION['secure_level']) || !in_array($_SESSION['secure_level'],$sections)){
    unset($_SESSION['secure_id']);
    unset($_SESSION['secure_level']);
    session_destroy();
    header("location: ../login.php");
    exit;
}

EDIT:

Guess I misread the op question in that it is not a direct matter of permission but a second login situation.

Edited by Drummin
Edit added,
Link to comment
Share on other sites
kicken Prolific Member

kicken

Posted
Posted
6 hours ago, PHPT said:

We are trying to login as different users using each browser windows in chrome

If you want to be able to login multiple times for testing, use private browsing windows.  Each private browser window will have it's own session.

Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted
14 hours ago, PHPT said:

We are doing performance testing for our PHP web application using jmeter. 

We are trying to login as different users using each browser windows in chrome. So we asked this query. 

Understand that this is a completely different problem than the one you asked for. Specifically, this is a great example of the X/Y problem: asking about your solution of "how to restrict window/tab sessions in PHP" as a means of accomplishing "we want to run some performance testing using multiple independent Chrome windows".

Chrome is capable of running an instance (of the version installed on the computer) using a specific profile directory. It takes a little more setup since you need to create multiple profile directories, but that can be done mostly automatically with appropriate automation.

If you're searching the internet for answers then look in the direction of automated UI testing: that universally involves scripting a browser to perform actions, which is what you want to do.

Link to comment
Share on other sites
kicken Prolific Member

kicken

Posted
Posted
3 hours ago, requinix said:

All incognito windows share the same session data.

Hm, so they do.  I could have swore I used that trick in the past, but maybe I just did one regular and one private window.

In any case, JMeter doesn't use the browser so there's no problem using it to run requests as multiple users if that's the goal.  Each test thread can have it's own session state and thus user.  Definitely an X/Y problem here.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.