timw07

Reputation: 339

Cross Browser: PHP Kill Sessions

I'm attempting to kill a user's previous session before logging them in. More context: I want to prevent users from signing in using the same username / password across different browsers or locations, stopping them from manipulating session state (like a balance of a game) across browsers.

Here's what I've done so far, but without success:

1) Get the user's last session_id, which is stored in the database as a user signs in successfully, keeping that in a variable called $old_session_id

2) Attempt to delete the last session using the following code

session_id($old_session_id);
session_start();
session_destroy();

3) Attempt to start a new, clean, session for the user using session_start()

What I'm seeing is that the new session is not being started - the user is logged out on both browsers

Any help is appreciated!

Upvotes: 0

Views: 1588

Answers (4)

Jose Samaniego

Reputation: 110

Sessions are stored in your browser only, so if you want to see if the user is already logged in in another browser you need to use a database.

Add a row to your database with status 1 or 0

1 = "online";

0 = "offline";

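In your login page, check if the user status is 1

// $mysqli is assumed to be an already open mysqli connection
$username = $_POST['username'];
// Prepared statement: the username is bound, never concatenated into the SQL
$stmt = $mysqli->prepare("SELECT status FROM table_name WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->bind_result($status);
$stmt->fetch();
$stmt->close();
if ($status == 1) {
    // redirect him to a page saying the account is already logged in
} else {
    // let him in and update the database status = 1
}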

While in the logout page, update the user status to 0, turning him offline.

If you just want to delete all sessions, use session start first before destroy, then session start again, because you can't destroy a session without starting it

session_start();
session_destroy();
session_start();

But if you want to delete a specific session you need to use

unset($_SESSION['sessionname']);

Upvotes: 0

Gavin

Reputation: 2143

You can use session_regenerate_id to create a new id. Clear session data, regenerate id and start a new one.

http://php.net/manual/en/function.session-regenerate-id.php

Upvotes: 0

Juan Carlos Brown

Reputation: 285

Once the session is destroyed, a new one has to be created.

If you only want to clear the values on the session you can also try this:

session_start();
$_SESSION = array(); //unset all session variables

Upvotes: 0

Sammitch

Reputation: 32252

PHP sessions are identified by a cookie set on the client's machine, and cookies are not shared between browsers. This is a non-issue.

Your code in #2 might explicitly change that user's current session ID to that of the session in the previous browser, which would cause the problem you're attempting to solve.

Also, you can only call session_start() once per request so of course #3 fails.

In short, just stop doing everything you've mentioned in your question and your problems will solve themselves.

Upvotes: 1
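
One way to get the "only the latest login stays valid" behaviour the question asks for without ever loading the old session, shown as an added example that is not code from the question or any of the answers. The `users` table, its `login_token_hash` column and the function names are assumptions made for illustration; each request checks its own session against the database, so a superseded browser logs itself out.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: users(id INTEGER PRIMARY KEY, login_token_hash TEXT).

// Call after the password check succeeds and session_start() has run.
function recordLogin(PDO $db, int $userId): void
{
    session_regenerate_id(true);               // new ID for the authenticated session
    $token = bin2hex(random_bytes(32));        // per-login marker kept in this session only
    $_SESSION['user_id'] = $userId;
    $_SESSION['login_token'] = $token;
    // Overwriting the stored hash is what invalidates the previous login.
    $db->prepare('UPDATE users SET login_token_hash = ? WHERE id = ?')
       ->execute([hash('sha256', $token), $userId]);
}

// Call on every authenticated request, after session_start().
function isCurrentLogin(PDO $db): bool
{
    if (!isset($_SESSION['user_id'], $_SESSION['login_token'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT login_token_hash FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $stored = $stmt->fetchColumn();
    $mine = hash('sha256', (string) $_SESSION['login_token']);
    if (is_string($stored) && hash_equals($stored, $mine)) {
        return true;
    }
    // Superseded by a newer login: end only this browser's session.
    $_SESSION = [];
    session_destroy();
    return false;
}

// Constructed demo (CLI): in-memory SQLite stands in for the real user table.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login_token_hash TEXT)');
    $db->exec('INSERT INTO users (id) VALUES (1)');
    session_start();
    recordLogin($db, 1);
    var_dump(isCurrentLogin($db));             // checked right after logging in
    // Simulate a later login from another browser replacing the stored hash.
    $db->exec("UPDATE users SET login_token_hash = 'replaced' WHERE id = 1");
    var_dump(isCurrentLogin($db));             // checked after being superseded
}
```

Only a hash of the token is stored, so a read of the user table does not hand out a value that can be replayed into a session.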
