Different session in browser tabs

Viewed 2,164 times

6

I’m having problems with a system session. What happens is this:

  1. I opened the browser, downloaded the system URL and logged in. At this point the "X" session is created.
  2. I opened a new browser tab, downloaded the URL and logged in with another user.
  3. I returned to the first tab, opened other screens of the system and at that time my tab 01 assumes the session of 02.
  4. The adjustment has to be done because the type approval and production system are constantly used in parallel and so can not "mix" the sessions.

Extra information:

  • No matter how many tabs I access and with which login I access the system, the current session will ALWAYS be the last login made.
  • The screens I mentioned in item 3 are windows built with the Kendo UI Window component.
  • The problem occurs in ALL browsers.
  • The approval and production systems are on the same server.
  • Isabela, the problem is when logging in, you should not be checking if there is an active login session, preventing the user from accessing the login route, and so redirecting them. When logging in, one login will always unsubscribe the other because the session names are the same. If the problem is the homologation system interfering with production, the problem is in the definition of the session: you do not say which URL it belongs to, so it must be getting every domain.

  • @juniorb2ss I realized that the name of the sessions are the same, but there is no way I can change that name then? And how do I validate if there is no active session? In my accounts, he wasn’t supposed to be sharing the session because a new tab in theory would be a new instance, right?

  • No, Isabella. I will post an answer, wait.

  • I think it’s more @Isabela filter problem, I’m used to Java, I don’t know if PHP has this feature implemented.

2 answers

2


Short answer

In the login file, do something like this:

<?php

// $ambiente holds the environment this login page belongs to
switch ($ambiente)
{
  case "Produção":
    session_name("SESSIDSistemaX");
    break;
  case "Homologação":
    session_name("SESSIDSistemaXHom");
    break;
}
session_start();

Or the equivalent in the language you’re using.

Explanation

Since there are two "applications" running on the same server, under the same domain, the way to isolate them is to change the name of the session cookie.

Long answer

At some point in the code a session is opened from a cookie with a specific name. If this cookie is empty, a new session is started with a new id; otherwise it is the session with the id contained in the cookie that will be opened/created.

When there are two separate servers the sessions do not mix for pure unavailability: one server does not access the files of the other. When there are two domains (or sub domains) it is possible to try the solution pointed out by @juniorb2ss, because cookies can be restricted by entire and partial domains, which in practice makes the browser not deliver cookie from one domain to another, even if on the same machine, which forces the opening of a new session, with a cookie that is not shared.

But when you’re not on separate machines or separate domains, then you always open the same session. And it is obvious by the above algorithm: the folder from which the session_start() is called does not change its behavior. On the contrary, if it did, it would probably not work.

So there are no "two systems" running in separate folders on the same machine under the same domain. From a language point of view, two codes in different folders of the same application are opening the same session.

This will eventually cause problems

A friend is one who warns you. Running different "systems" in folders of the same server, in the same domain, is asking for trouble. The above solution, although it works, is a considerably fragile stopgap.

1

You may be facing a cookie-sharing problem.

Let’s assume that your production URL is, e.g., prod.url.com and the homologation one is homo.url.com. OK?

When a cookie is set, it is set for .url.com, that is, it will persist on both prod.url.com and homo.url.com, which are subdomains of url.com. Following?

PHP gives you the possibility to set the cookie for domain:

setcookie('YourCookieName', 'Some Values', time() + 3600, '/', 'url.com'); 

This way the cookie will be set only for url.com.

setcookie('YourCookieName', 'Some Values', time() + 3600, '/', '.url.com');

This way the cookie will be set for url.com and its subdomains.

To set a cookie for a specific subdomain, which is what you need, just do:

setcookie('YourCookieName', 'Some Values', time() + 3600, '/', 'homo.url.com');

This way, when accessing homo.url.com you will be logged in, and when accessing prod.url.com you will need to log in again.

Well, that’s as far as I can look at you, 'cause you didn’t post code, so I guess that’s what’s going on.

Edit

If you are not working with subdomains, i.e. with paths, e.g. url.com/prod or url.com/homo, there is another issue, since to the server they are the same system.

I owe a global solution for this type, not least because I avoid working with different systems separated by paths, I always try to work with sub-domains, the integrity is greater.

If you work like this, the best way is for your login to define which system the user is logging in to. For example, save it to their session:

$_SESSION['ambiente'] = 1; // url.com/prod

When checking if the user's login is active, you ask what their environment is: is it the URL they are visiting? If it is not, you force the logout to renew their login for that environment.

For further explanations, I can only see the code.

Hugs.
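
Both answers above combined into one login bootstrap, as an added example that is not code from either answer: each environment gets its own session cookie name and cookie path, and the session is also bound to its environment on the server. The /prod/ and /homo/ paths, the function names and HTTPS (for the secure flag) are assumptions; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: the two systems live under /prod/ and /homo/ on the same host.
const ENVIRONMENTS = [
    'prod' => ['path' => '/prod/', 'session_name' => 'SESSIDSistemaX'],
    'homo' => ['path' => '/homo/', 'session_name' => 'SESSIDSistemaXHom'],
];

// Map the request path to an environment key, or null if it matches neither.
function environment_for_path(string $requestPath): ?string
{
    foreach (ENVIRONMENTS as $key => $env) {
        if (strpos($requestPath, $env['path']) === 0) {
            return $key;
        }
    }
    return null;
}

// Start a session whose cookie has its own name and is scoped to the
// environment's path, so the browser does not send it to the other system.
function start_environment_session(string $envKey): void
{
    $env = ENVIRONMENTS[$envKey];
    session_name($env['session_name']);
    session_set_cookie_params([
        'path'     => $env['path'],
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // Session storage is shared on this server, so also bind the session to
    // its environment: an id created for one system is not accepted in the other.
    if (isset($_SESSION['ambiente']) && $_SESSION['ambiente'] !== $envKey) {
        session_regenerate_id(false); // issue a fresh id for this environment
        $_SESSION = [];               // drop the foreign data: forces a new login here
    }
    $_SESSION['ambiente'] = $envKey;
}

$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
$envKey = environment_for_path($path);
if ($envKey === null) {
    http_response_code(404);
    exit;
}
start_environment_session($envKey);
```

Include this before any output on every page of both systems, since session_name() and session_set_cookie_params() only take effect when called before session_start().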
