0

I am having a hard time understanding something related to PHP session. Currently I can have two users log in at the same time (user/admin): log in as a user, then open another browser window and log in as an administrator.

I don't want this thing. So I think the best solution is to check, before the submit of the login functionality is being triggered, to check if there is a session set, and if it is, to destroy it.

 if (isset($_SESSION)) {
    session_destroy();
 }

But I am not sure, is this the best approach on doing it?

IleNea
  • 569
  • 4
  • 17
  • 1
    Why you just don't deny access to login page and/or functions for already authenticated users ? – Oleksandr Pobuta Jul 18 '19 at 07:35
  • Its not clear to me: don't you want to allow the same user to login twice or any two users simultaneously? – Verim Jul 18 '19 at 07:38
  • @Verim any two users simultaneously. So, wehn trying to login in with the second user, the session of the first user to be destroyed :-? – IleNea Jul 18 '19 at 07:43
  • Uncommon page where only one user can be logged in at any time, but fine. In that case you have to delete all sessions when a new user is logging in. Think best way is [this](https://stackoverflow.com/a/5193785/2709069) answer. – Verim Jul 18 '19 at 07:51
  • Well each user has its own session data. When you use $_SESSION, it contains the session data for the current user and not all users. If you want only one user to be logged in at a time, then you can save the login status of users to database or a file. When a new user tries to login, you can check if another user is logged in. If another user is logged in, display a message to the new user. Also see this question: https://stackoverflow.com/questions/5443355/remotely-destroy-a-session-in-php-user-logs-in-somewhere-else – Nadir Latif Jul 18 '19 at 08:29

0 Answers0