1

I'm new to PHP, I read other articles without finding the answer I'm looking for, but still don't know if what I want to do makes sense or not.

I'm using PHP 7.

My user authentication page checks credentials and then executes session_start(), creating the session server-side and a cookie client-side in the browser.

Each other page of the web application then calls session_start() to resume session information, in this case checking the cookie. Everything works fine so far... at least when I have a single login.

I'd like to be able to have more than one user SIMULTANEOUSLY logged in the same browser (on another tab for example.) using cookie. I don't want to append the session ID to the URL.

I managed to create different sessions on the server side using session_id() before session_start() in the authentication page based on username, but the problem is on the client side.

The first successful login (session_start()) creates a cookie and the second login updates the same cookie corrupting the previously created session.

Therefore, when it comes to resuming the session, session_start() will resume only the last session, mixing the data fetched from DB based on session info.

Is there a way to make session_start() create a cookie for each login and make PHP resume the correct session using cookies?

Any ideas?

FURTHER DETAILS: I'm updating a legacy app, trying to fix some security issues. The need for multiple sessions comes from administrative purposes, where admins access the same site. The reason a separation of sessions is needed is that, depending on the session info, the data is fetched from a different database. Therefore, regular usage would only need one session per user, but the administrator needs to make multiple logins, viewing different data depending on that login.

Obomar

2 Answers

1

You can use the same session but change the variable names that you are looking for:

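```php
<?php
// Pick a session (cookie) name per area so each area uses its own cookie.
if ( $_SERVER['REQUEST_URI'] == '/admin/' ):
    $session_name = 'session1';
else:
    $session_name = 'session2';
endif;
// session_start() takes an options array, not a name, so set the name first.
session_name( $session_name );
session_start();
```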
Sebastian Lenartowicz
Arun Kumar MG
0

The default PHP behaviour is to handle sessions using cookies.

..and the default behaviour for browsers is to "reuse" the same set of cookies if you revisit a URL in another tab.. So, like mentioned below:

  • The simple way probably is to start another browser. Not the same browser but like firefox and chrome, if you have multiple browsers installed.
  • Another way would be to install a browser plugin, like Sessionbox for Chrome or Multifox for Firefox.

Edit, for clarity: I can think of two cases when multiple sessions would be used:

  • During development. Depends on the application, but an obvious case would be testing communication between two users.
  • After deployment. Though I've never seen a site that required multiple logins for the same user account.

This is my frame of reference. Based on this I assumed the question was for development. I'm not suggesting that the site should require installing extra packages. Flash would be about the only one that's ever gotten away with that..

Torbjörn Stabo
  • So you would suggest that users of your program install a second browser or a plugin??? Nice... – Auris Nov 25 '16 at 10:07
  • @Auris Total disclaimer for possibly misunderstanding his intentions. I assumed this was to be used by him during development. Of course end users shouldn't have to install things to use the site (exception: flash?) But I've never experienced a site where ordinary users have to login multiple times.. – Torbjörn Stabo Nov 25 '16 at 10:12
  • You can achieve multiple sessions if you use separate session cookies (even on the same site). And as for his question, I believe he is asking about how to build that :) – Auris Nov 25 '16 at 10:25
  • @Auris It's possible he is. But who knows more than him? It's not crystal clear, so answers for different cases should be allowed. And you're right, multiple sessions can definitely be handled & supported, I know that. But I'm curious as to why one would want that in the PHP code. Also, I tried to "clear the fog" about some of the session corruption/clientside issues he mentions. – Torbjörn Stabo Nov 25 '16 at 10:38
  • There are cases when you are forced to implement multi sessions, when you are working with large legacy apps and rewriting the whole app is not available. If you need to do that for a new app, then there is a fundamental flaw in your app's architecture. – Auris Nov 25 '16 at 10:42
  • I'd still expect fixing the problem with the legacy account handling to be easier than writing a new one for the app and tack it on top of the old one. It's not like we're talking esoteric mechanical parts from an ancient factory far away that's since been closed or anything. My case (for dev use) is at least still entirely possible. What was the reason for the downvote? *If* it turns out Obomar wasn't asking about dev environment usage I can delete my answer. – Torbjörn Stabo Nov 25 '16 at 12:05
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/129033/discussion-between-auris-and-torbjorn-stabo). – Auris Nov 25 '16 at 12:07
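
Added example, not from the question or either answer: one way to build the separate-cookie approach mentioned in the comments, assuming PHP 7.3+ (for the array form of `session_set_cookie_params()`) and a hypothetical layout where each login scope lives under its own URL prefix (`/alpha/`, `/beta/`). The scope names and helper functions are made up for illustration; the session ID is left to PHP's own generator rather than derived from the username.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: one scope per database an admin may view.
const SESSION_SCOPES = ['alpha', 'beta'];

// First path segment selects the scope, e.g. /alpha/report.php -> "alpha".
function scope_from_path(string $requestUri): ?string
{
    $path  = (string) parse_url($requestUri, PHP_URL_PATH);
    $scope = explode('/', trim($path, '/'))[0];
    // Allowlist check: request data never chooses an arbitrary cookie name.
    return in_array($scope, SESSION_SCOPES, true) ? $scope : null;
}

// Start or resume the session for one scope under its own cookie.
function start_scoped_session(string $scope): void
{
    ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not issue
    session_name('SESS' . $scope);           // distinct cookie name per scope
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/' . $scope . '/',    // sent only under this URL prefix
        'secure'   => true,                  // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Login page: call once the credentials for this scope have been verified.
function complete_login(string $scope, string $username): void
{
    start_scoped_session($scope);
    session_regenerate_id(true); // fresh random ID, not derived from the username
    $_SESSION['user']  = $username;
    $_SESSION['scope'] = $scope;
}

// Protected page: resume the scope's session or reject the request.
function require_scoped_login(string $requestUri): string
{
    $scope = scope_from_path($requestUri);
    if ($scope === null) { http_response_code(404); exit; }
    start_scoped_session($scope);
    if (($_SESSION['scope'] ?? null) !== $scope) { http_response_code(401); exit; }
    return $_SESSION['user'];
}
```

Because each cookie is scoped to its own path, two tabs on `/alpha/` and `/beta/` resume different sessions without the session ID ever appearing in the URL.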