0

My PHP Session Log-in and log-out works fine but this is the problem I have a site consists of admin folder and outside the admin folder are the customer page files. both of them has sessions for log-in and log-out purposes but it acts so WEIRD because if I'm running on a same browser... the admin page log-in data value copies to customer page file and vice versa (from customer to admin page).

If I set to run the admin or the customer page file on a different browser it seems to work fine but what I want to know what causes the problem that it copies the session value in both admin and customer? can somebody tell me why it happens how to fix it??? Please tell me if you want the copy of my program. please help me. this is the only problem I had.

3
Contributors
5
Replies
6
Views
5 Years
Discussion Span
Last Post by masterjiraya
0

The same $_SESSION is available to every page in the same domein that calls session_start

just set a varible in your seeion to check if a user is allowed in the admin files
something like

session_start();
if (!isset($_SESSION['isAdmin'] || !$_SESSION['isAdmin'])
      header("Location: http://www.mysite.com/user.php");

or did't I understand your question?

0

This sounds like a browser autocomplete issue to me. Did you 'save password for this site' or similar?
If you did, then the browser will have stored the auth. details for your site and will display them everytime it sees something like a login form. I'm pretty sure that it stored login details by site rather than by page.
Try deleting password data from 'under the hood' or similar in your browser.

Before this though, try changing the login fields to include the autocomplete="false" attribute. It may not work on every browser though. You could have a look at "noncing" to try and provide cover for stubborn browsers.

(I assume this is the issue :))

Edited by diafol: n/a

1

In your admin/securepage.php you just check for a username in $_SESSION

both your login.php create a $_SESSION

in your admin/login.php create a $_SESSION and check for that in the adminpages.

Better: have one login.php do both checkes
better: combine your user and admin-tables and add an admin-field

0

now I get it. pzuurveen thanks to you. Now I know now to use SESSIONS in the basic start. it means to me right now that the admin or any other folder in the same url of the server host means it can store many objects in a certain session variable but to make it separated from the admin w/ the customer is to make another unique session variable I mean if it is for the admin than it has to be for the admin. and for the customer is for the customer. And now I thought of it right now that the session variable makes the value super global.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.