RE: SESSIONS lost sometimes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, 

Just a re-iteration on the problem:

Browser 1 has user A details 

Browser 2 has user B details

User B logs off, then user A is suddenly in logged of status also.

The method used to destroy the session is:
// Unset all of the session variables.
$_SESSION = array();

// Finally, destroy the session.
session_destroy();

Problem. User's A session is also destroyed. The concern is, that this
should not be the case. User A must happily continue to work.

So, should PHP destroy the whole browser's session id's variables? My answer
is "No".

User A and user B should have different session ids, if not, then it is
wrong. A new window should have PHP to spawn a new session id (that is, the
request does not come from an existing page where an id has been created
already. If the ids are different, then session_destroy should only clear
variables for relevant session_id, ie only User B's details In this example.


The problem then probably lies in the session_ids being either the same for
the two different logins (although they are on different browser) or
session_destroy clearing data across sessions. (I will test that later). It
would then seem that session ids is setup per location/machine by MS Windows
as per Peter's explanation. Setting up profiles is the the resolution as
suggested. Otherwise, it would be nice if Windows/IE/FF/PHP could identify
when a BRAND NEW page is being opened and then create a brand new session id
for that window/tab.

It is not a huge issue, I was just wondering if someone else had the same
annoying condition. I am happy with the responses and the functionality
somewhere on a wish-list. 

Now Back to Angelo's SESSION problem which sounded like it could be related.

Greetings!
Leon

-----Original Message-----
From: Leon du Plessis [mailto:leon@xxxxxxxxxx] 
Sent: 20 August 2009 10:57 AM
To: 'Peter Ford'; php-general@xxxxxxxxxxxxx
Subject: RE:  SESSIONS lost sometimes



That is how I know browsers to work, yet for a while the bahaviour has
changed. The question in light of this then is, should a new browser or tab
not open a new PHP SESSION ID. Session ID's should be kept if called from
existing pages or ID's? But new pages has no parent? Just wondering.

-----Original Message-----
From: Peter Ford [mailto:pete@xxxxxxxxxxxxx] 
Sent: 20 August 2009 10:47 AM
To: php-general@xxxxxxxxxxxxx
Subject: Re:  SESSIONS lost sometimes

Leon du Plessis wrote:
> ">> It's not an issue, it's a feature."
> 
> Thanks Arno...but it is a pain also.
> If I work with user A in Tab1 (window1), I want to work with user B
> separately in Tab2. When user in Tab2 logs off, I still want user A to
work,
> and not suddenly have to re-login. Same with bank. If I work with my
company
> account, then my personal account must not become an issue because I am on
> the same machine and site. 
> 
> I have no issue with using FF and IE to do testing as that takes care of
> browser compatibility testing at the same time :-), but I think when you
> start a new session with new values, it should be kept under that
window/tab
> alone. Cookies can take care of more details, but my opinion is data
should
> never be affected across windows/tabs unless the same user is logged in on
> both....even then I would expect PHP to keep data per session. Maybe it
goes
> beyond being an IE or FF issue..the questiojn is...will PHP allow
variables
> from session A become corrupted when session B is in progress when they
> should actually be handled seperately?
> 
> In the end I think it is something I do wrong in PHP with the SESSION
> variables and how I clear them....if so...I don't think PHP should allow
> clearing SESSION variables from other sessions.
>  
> -----Original Message-----
> From: Arno Kuhl [mailto:akuhl@xxxxxxxxxxxx] 
> Sent: 20 August 2009 10:03 AM
> To: 'Leon du Plessis'; php-general@xxxxxxxxxxxxx
> Subject: RE:  SESSIONS lost sometimes
> 
> -----Original Message-----
> From: Leon du Plessis [mailto:leon@xxxxxxxxxx] 
> Sent: 20 August 2009 09:44 AM
> To: php-general@xxxxxxxxxxxxx
> Subject: RE:  SESSIONS lost sometimes
> 
> Since we are on the subject: I have the following similar problem:
> 
> When testing page on internet explorer, I find that one tab's variables
can
> affect another tab's variables. Thus when having the same web-site open
and
> using SESSION variables but for different users, Internet explorer can
> become "disorientated". This also "sometimes" happen when I have two
> separate browsing windows open with Internet Explorer for the same site.
> 
> I have yet to determine if this is an internet explorer, or PHP or
> combination of the two that is causing this condition. 
> 
> To my understanding _SESSION variables should be maintained per session,
tab
> or window. If this has been addressed already, my apologies, but thought
it
> worthwhile to mention.  
> 
> If someone perhaps have a solution or can confirm this as a known issue
and
> maybe is the same or related to Angelo's problem?
> 
> --------------------
> 
> If different browser windows/tabs on the same client-side computer didn't
> share session info then you'd get the effect of being able to log onto a
> site with one browser window, but find in a second browser window that you
> were not yet logged on. Experience will tell you that you're logged on in
> both browser windows (try it with your online bank). It's not an issue,
it's
> a feature. If you want to be able to use different browser windows as
though
> they were different users then use different browsers e.g. IE and FF on
the
> same client-side computer will look like two separate end users to the
> server, and they don't share session info or cookies.
> 
> Cheers
> Arno
> 
> 

The key thing is that both tabs (or windows) from the same browser are in
the
*same* session - they send the *same* PHPID cookie. PHP is essentially
stateless
- it doesn't care where the request comes from, and ties a session to the
PHPID
cookie if it gets one. As far as PHP knows, requests from different tabs
with
the same PHPID cookie are requests from the same place in the same session.

To get a different session you need a different instance of the browser -
that's
the way browsers have been coded to work. It's not too hard with Firefox,
since
you can set up multiple profiles to have independent Firefox windows on the
same
screen.

-- 
Peter Ford                              phone: 01580 893333
Developer                               fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux