user9439032

Multiple sessions on one computer overriding each other

I have created a forgot password function and everything works great as long as one session is active at a time. When multiple sessions are run, they start overriding each other. I'm not sure how to solve this. I thought that by passing a session variable, I could identify the sessions by email. If anyone can teach me what I am doing wrong, or how to correctly run multiple sessions, it would be greatly appreciated. Thanks in advance.

    <?php
    // Assumes session_start() has already run for this request and $db is an open PDO connection.
    function forgot_submit(){
        GLOBAL $db;
        if (isset($_GET['forgot']) && $_GET['forgot'] == 'true') {
            $email     = $_POST['forgot_password'];
            // Reset code: the first 10 characters of a shuffled fixed alphabet
            $token     = "1234567890qwertyuiopasdfghjklzxcvbnm";
            $token     = str_shuffle($token);
            $token     = substr($token, 0, 10);
            mail($email, "Password Reset", "To reset your password, please enter this code: $token", "from: [email protected]");
            // $token and $email are interpolated directly into the SQL text; nothing is bound
            $Query = $db->prepare("UPDATE user SET forgotToken='$token' WHERE email='$email'");
            $Query->execute();
            if ($Query) {
                // Stored in the single session tied to this browser's session cookie
                $_SESSION['email'] = $email;
                echo json_encode(['error' => 'success', 'msg' => 'resetPassword.php']);
            }

        }
    }////close forgot submit///////////
    forgot_submit();

Upvotes: 1

Views: 52

Answers (1)

Jeff Harris

Reputation: 124

A session is a hunk of data that you want to associate with a particular user (whether the user is authenticated, the user name, or something else you don't want to fetch from the database on every page load). Every page load needs a session_start() to open the data, which will be empty until a $_SESSION key is added. The PHP engine identifies each session by a cookie variable. If you're only setting $_SESSION['email'] in one browser, you will get the same answer.

That being said, once a user decides they need a new password, you should immediately destroy the session with session_destroy(), so the user is forced to log out and reauthenticate.

Additionally, in your next upgrade, prepared statements should have bound values or parameters with named or question mark placeholders.

Upvotes: 1
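The answer's points, applied to the handler from the question, as an added example (this is editor-written code, not the asker's code and not Jeff Harris's). It assumes `$db` is an open PDO connection, a `user` table with `email` and `forgotToken` columns plus an assumed `forgotTokenExpires` column for token expiry, and a placeholder sender address `noreply@example.com`; none of those names come from the page. Instead of parking the e-mail in `$_SESSION`, which every tab in the same browser shares through one session cookie, the handler binds its parameters, issues a random code from the CSPRNG, and destroys the session as the answer suggests; the reset page then identifies the user by the code it receives.

```php
<?php
// Added example, not the original post's code. Assumptions: $db is a PDO
// connection; table `user` has columns email, forgotToken and (assumed)
// forgotTokenExpires; the sender address is a placeholder.
declare(strict_types=1);

session_start(); // every request must open the session before touching $_SESSION

function forgot_submit(PDO $db): void
{
    if (!isset($_GET['forgot']) || $_GET['forgot'] !== 'true') {
        return;
    }
    header('Content-Type: application/json');

    // Returns the address on success, false if invalid, null if the field is missing.
    $email = filter_input(INPUT_POST, 'forgot_password', FILTER_VALIDATE_EMAIL);
    if (!is_string($email)) {
        echo json_encode(['error' => 'invalid', 'msg' => 'Enter a valid e-mail address']);
        return;
    }

    // Reset code from the CSPRNG; str_shuffle() is not a secure random source.
    $token   = bin2hex(random_bytes(16));
    $expires = (new DateTimeImmutable('+30 minutes'))->format('Y-m-d H:i:s');

    // Bound parameters: $token and $email never become part of the SQL text.
    $stmt = $db->prepare(
        'UPDATE user SET forgotToken = :token, forgotTokenExpires = :expires WHERE email = :email'
    );
    $stmt->execute([':token' => $token, ':expires' => $expires, ':email' => $email]);

    // Only mail registered addresses, but answer identically either way so the
    // endpoint does not reveal which e-mails exist.
    if ($stmt->rowCount() === 1) {
        mail(
            $email,
            'Password Reset',
            "To reset your password, please enter this code: $token",
            'From: noreply@example.com' // assumed placeholder sender
        );
    }

    // Per the answer: a reset request ends the current login. Clear the data,
    // expire the cookie, and destroy the session rather than storing the
    // e-mail in it; two requests from one browser share that session.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();

    echo json_encode(['error' => 'success', 'msg' => 'resetPassword.php']);
}

/**
 * For resetPassword.php: resolve which account a reset code belongs to.
 * Returns the e-mail, or null if the code is unknown or expired. The code,
 * not $_SESSION, is what ties the reset to a user.
 */
function user_for_reset_token(PDO $db, string $token): ?string
{
    $stmt = $db->prepare(
        'SELECT email FROM user WHERE forgotToken = :token AND forgotTokenExpires > NOW()'
    );
    $stmt->execute([':token' => $token]);
    $email = $stmt->fetchColumn();
    return $email === false ? null : $email;
}

forgot_submit($db);
```

On resetPassword.php, call `user_for_reset_token($db, $_POST['code'])` and refuse the reset when it returns null; because the lookup is keyed on the code rather than on `$_SESSION['email']`, two reset requests started from different tabs of the same browser no longer overwrite each other.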
