Session Problem

Hi,

I have a problem using session...

I have a university web site from this site each student login with
his username and password then i create a session variable for him for
tracing student...

there is a problem happened when say registering semester courses if
two web pages opened for two students on the same machine, what
happened is that when one try to register his courses it's registerd
with the user of the second.

what i want to do that when someone login with his user on a machine
and another one try to login on the same machine with a different user
at the same time, it gives him a message that there is a user already
logging in and don't log him on until he closes the second user page.

Hope that what i want to say is clear.

thnx alot
Noha Khalifa
Web Developer at Misr University for Science & Techology

Re: Session Problem

On Sat, 12 Jan 2008 09:43:20 +0100, noha khalifa
wrote:

> Hi,
>
> I have a problem using session...
>
> I have a university web site from this site each student login with
> his username and password then i create a session variable for him for
> tracing student...
>
> there is a problem happened when say registering semester courses if
> two web pages opened for two students on the same machine, what
> happened is that when one try to register his courses it's registerd
> with the user of the second.
>
> what i want to do that when someone login with his user on a machine
> and another one try to login on the same machine with a different user
> at the same time, it gives him a message that there is a user already
> logging in and don't log him on until he closes the second user page.
>
> Hope that what i want to say is clear.

This would not be a problem for PHP, but of said machine. If two users can
be logged in/use it at the same time, they shouldn't be able to get their
hand in the other one's cookie jar...
--
Rik Wasmus

Re: Session Problem

noha khalifa wrote:
> Hi,
>
> I have a problem using session...
>
> I have a university web site from this site each student login with
> his username and password then i create a session variable for him for
> tracing student...
>
> there is a problem happened when say registering semester courses if
> two web pages opened for two students on the same machine, what
> happened is that when one try to register his courses it's registerd
> with the user of the second.
>
> what i want to do that when someone login with his user on a machine
> and another one try to login on the same machine with a different user
> at the same time, it gives him a message that there is a user already
> logging in and don't log him on until he closes the second user page.
>
> Hope that what i want to say is clear.
>
> thnx alot
> Noha Khalifa
> Web Developer at Misr University for Science & Techology

I assume you are using cookies to store the session id. Cookies are shared
between all insances of the same browser type. You need to use the method of
holding the session id in the url.

Re: Session Problem

cookies are shared

Re: Session Problem

On Sun, 13 Jan 2008 01:28:13 +0100, Peter Pei wrote:
> cookies are shared

Inform them this is a terrible, terrible idea, and any university that has
this should be deeply ashamed. Yes, you could try the GET/POST approach,
however, this has all kind of security implications (people could still
easily end up sharing sessions if one gives a link to the other to point
to a specific form/page on the site).
--
Rik Wasmus

Re: Session Problem

cannot see the connection

Re: Session Problem

On Sun, 13 Jan 2008 02:22:06 +0100, Peter Pei wrote:
> cannot see the connection

1. Usenet Etiquette
2. We're talking about sessions, and the way to keep them for only one
person. What is it you don't understand that there's no way they can be
implemented with any reliability (unless you force them to be carried
through $_POST, and even then...)
--
Rik Wasmus

Re: Session Problem

Rik Wasmus wrote:
> On Sun, 13 Jan 2008 02:22:06 +0100, Peter Pei wrote:
>> cannot see the connection
>
> 1. Usenet Etiquette
> 2. We're talking about sessions, and the way to keep them for only one
> person. What is it you don't understand that there's no way they can be
> implemented with any reliability (unless you force them to be carried
> through $_POST, and even then...)

IP/Password hash via $_GET and no ck?
Well, It's still kinda messed up.

-thib´

Re: Session Problem

nutty

Re: Session Problem

On Sun, 13 Jan 2008 03:24:42 +0100, thib´
wrote:

> Rik Wasmus wrote:
>> On Sun, 13 Jan 2008 02:22:06 +0100, Peter Pei wrote:
>>> cannot see the connection
>> 1. Usenet Etiquette
>> 2. We're talking about sessions, and the way to keep them for only one
>> person. What is it you don't understand that there's no way they can be
>> implemented with any reliability (unless you force them to be carried
>> through $_POST, and even then...)
>
> IP/Password hash via $_GET and no ck?

Same machine, same IP, same problem people 'giving' some other one an url
which happens to have their password hash...
--
Rik Wasmus

Re: Session Problem

On Sun, 13 Jan 2008 03:37:41 +0100, Peter Pei wrote:
> nutty

You? Yes.
*plonk*
--
Rik Wasmus

Re: Session Problem

thnx for ur reply,

So do u think if i used the session id in URL the problem will be
solved.

I just want to explain the problem for u again, when a user login and
open certain page with his details and left his page open and another
user open login page on the same machine while the first page opened
the details page opened is for the first one and when he tried to save
his data, data for the first one is to be saved.

i think this problem as u said that just one session id is stored per
site for one of these id's on the machine cookies, i don't know if
this problem will be solved if i store session id data in URL ????

thnx again
Noha Khalifa

Re: Session Problem

noha khalifa wrote:
> thnx for ur reply,
>
> So do u think if i used the session id in URL the problem will be
> solved.
>
> I just want to explain the problem for u again, when a user login and
> open certain page with his details and left his page open and another
> user open login page on the same machine while the first page opened
> the details page opened is for the first one and when he tried to save
> his data, data for the first one is to be saved.
>
> i think this problem as u said that just one session id is stored per
> site for one of these id's on the machine cookies, i don't know if
> this problem will be solved if i store session id data in URL ????
>
> thnx again
> Noha Khalifa

I did read your OP thank you and I offered a solution and a brief
explanation of why it would help. I don't see what you hope to achieve by
explaining the problem again.