PHP SESSION acting so weird

My PHP Session Log-in and log-out works fine but this is the problem I have a site consists of admin folder and outside the admin folder are the customer page files. both of them has sessions for log-in and log-out purposes but it acts so WEIRD because if I'm running on a same browser... the admin page log-in data value copies to customer page file and vice versa (from customer to admin page).

If I set to run the admin or the customer page file on a different browser it seems to work fine but what I want to know what causes the problem that it copies the session value in both admin and customer? can somebody tell me why it happens how to fix it??? Please tell me if you want the copy of my program. please help me. this is the only problem I had.

3

Contributors

5

Replies

2 Days

Discussion Span

1 Year Ago

Last Updated

6

Views

Question
Answered

masterjiraya

Posting Whiz

322 posts since Jul 2008

Reputation Points: 10

Solved Threads: 30

Skill Endorsements: 4

1 Year Ago

0

The same $_SESSION is available to every page in the same domein that calls session_start

just set a varible in your seeion to check if a user is allowed in the admin files
something like

session_start();
if (!isset($_SESSION['isAdmin'] || !$_SESSION['isAdmin'])
      header("Location: http://www.mysite.com/user.php");

or did't I understand your question?

pzuurveen

Posting Whiz in Training

277 posts since Sep 2006

Reputation Points: 46

Solved Threads: 59

Skill Endorsements: 0

1 Year Ago

0

This sounds like a browser autocomplete issue to me. Did you 'save password for this site' or similar?
If you did, then the browser will have stored the auth. details for your site and will display them everytime it sees something like a login form. I'm pretty sure that it stored login details by site rather than by page.
Try deleting password data from 'under the hood' or similar in your browser.

Before this though, try changing the login fields to include the autocomplete="false" attribute. It may not work on every browser though. You could have a look at "noncing" to try and provide cover for stubborn browsers.

(I assume this is the issue :))

diafol

Keep Smiling

Moderator

10,644 posts since Oct 2006

Reputation Points: 1,628

Solved Threads: 1,509

Skill Endorsements: 57

1 Year Ago

0

sorry guys for the late reply... but to make it resolved may be it's good to upload my program just in case, https://skydrive.live.com/redir.aspx?cid=3e21e1e16478087a&resid=3E21E1E16478087A!1289&parid=3E21E1E16478087A!1136

dowload it from the link I posted above

masterjiraya

Posting Whiz

322 posts since Jul 2008

Reputation Points: 10

Solved Threads: 30

Skill Endorsements: 4

1 Year Ago

1

In your admin/securepage.php you just check for a username in $_SESSION

both your login.php create a $_SESSION

in your admin/login.php create a $_SESSION and check for that in the adminpages.

Better: have one login.php do both checkes
better: combine your user and admin-tables and add an admin-field

pzuurveen

Posting Whiz in Training

277 posts since Sep 2006

Reputation Points: 46

Solved Threads: 59

Skill Endorsements: 0

1 Year Ago

0

now I get it. pzuurveen thanks to you. Now I know now to use SESSIONS in the basic start. it means to me right now that the admin or any other folder in the same url of the server host means it can store many objects in a certain session variable but to make it separated from the admin w/ the customer is to make another unique session variable I mean if it is for the admin than it has to be for the admin. and for the customer is for the customer. And now I thought of it right now that the session variable makes the value super global.

masterjiraya

Posting Whiz

322 posts since Jul 2008

Reputation Points: 10

Solved Threads: 30

Skill Endorsements: 4

Question Answered as of 1 Year Ago by pzuurveen and diafol

PHP SESSION acting so weird

This question has already been solved: Start a new discussion instead