Hi nhadie, 1. Unlike, ASP or ASP.NET, PHP only has a Session object, not an Application object. A session is only available to one single user only, and you can't share information between Sessions using PHP (you'd use the Application object for this in ASP(.NET)). While you can probably hack your way into the Session-files that PHP stores somewhere on the hard disk, that's obvioulsy not their intended you (but I want to mention this for the sake of being complete). What you can do is add a Boolean-field to your user-table in the database that says whether somebody is currently logged in. If the field is true, they can't log in a second time. The problem with this approach however is that it depends on the use actually logging out as well (thus calling a script that sets the field back to false). So here's a better solution: Create a separate table and call it something like "Sessions". It should contain at least three fields: AccountCode, LoginTime and LastActivityTime. When somebody first logs in, you create a record in this "Sessions" table. Everytime he pulls up a new page, you update the LastActivityTime field with the current date/time in the database. When somebody tries to log in a second time, you can deny them access based on the record that exists in the "Sessions" table. Here's how it works when somebody "forgets" to log out: each time you access the Sessions table, you should run a second query that automatically deletes all the sessions that haven't been updated for the last 30 minutes (the number should be the same to the timeout value for the $_SESSION object). So each time a user performs an action, you automatically remove all the sessions of all users that have been inactive for 30 minutes or more.
2. This is trickier. What do you mean with "access"? Are you talking about lost updates? Are you talking about simple read-operations? Actually, even as you claim you're a newbie, you're asking questions that are keeping us all up at night! :-) The solutions vary depending on your situation. Maybe you can add field "ActiveTable" to the above-mentioned "Sessions" table and take it from there? 3. I think I've covered this under . 4. No, it won't. Each user has his/her own $_SESSION object HTH, Yves ------ Original Message ------ Received: Mon, 28 Apr 2008 10:06:19 AM CDT From: Nhadie Ramos <[EMAIL PROTECTED]> To: email@example.com Subject: [PHP-DB] session handling hi all, i'm a newbie and i really would like to be able to understand how session works. for the scenario, i have customers with two users login to manage their records (like adding their own customers). e.g. customer A has a username customera1 and customera2, customer B has customerb1 and customerb2. when user logins, i add on the session accountcode $_SESSION['accountcode'] (which is the unique identifier for each customer). here are some of the questions i have: 1. how can i make sure each user can login only one time? 2. if customera1 and customera2 are logged in at the same time and they are going to access the same data, how can i lock it to whoever had access to it first? 3. if a session expires, is there a way to automatically logout that user and destroy the session? 4. if both a user in customer A and B are logged in, then user A logouts and i have a script that call session_destroy(), will that also destroy the session of customer B? hope someone can help me. regards, nhadie --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php