1. Logging in only once is easy. Make the login page only appear if isset($_SESSION['accountcode']) Else, have it display a page saying you are already logged in. 2. SSL 3. If a session expires the user logs out and the session is destroyed. That's why it's called expiration. 4. session_destroy() only destroys the session with the PHPSESSID that matches the cookie on the users system. In other words: no, unless both users run session_destroy. You're obviously new to this stuff. PHP was made for ease of use in mind, so most of your concerns are already addressed. It would be extremely difficult to use a session if any user logging out would log every other user out. Hope this helps, Aaron. -----Original Message----- From: Nhadie Ramos [mailto:nhadie.ramos@xxxxxxxxx] Sent: Monday, April 28, 2008 10:05 AM To: php-db@xxxxxxxxxxxxx Subject: session handling hi all, i'm a newbie and i really would like to be able to understand how session works. for the scenario, i have customers with two users login to manage their records (like adding their own customers). e.g. customer A has a username customera1 and customera2, customer B has customerb1 and customerb2. when user logins, i add on the session accountcode $_SESSION['accountcode'] (which is the unique identifier for each customer). here are some of the questions i have: 1. how can i make sure each user can login only one time? 2. if customera1 and customera2 are logged in at the same time and they are going to access the same data, how can i lock it to whoever had access to it first? 3. if a session expires, is there a way to automatically logout that user and destroy the session? 4. if both a user in customer A and B are logged in, then user A logouts and i have a script that call session_destroy(), will that also destroy the session of customer B? hope someone can help me. regards, nhadie --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
