Just a re-iteration on the problem:

Browser 1 has user A details 

Browser 2 has user B details

User B logs off, then user A is suddenly in logged of status also.

The method used to destroy the session is:
// Unset all of the session variables.
$_SESSION = array();

// Finally, destroy the session.

Problem. User's A session is also destroyed. The concern is, that this
should not be the case. User A must happily continue to work.

So, should PHP destroy the whole browser's session id's variables? My answer
is "No".

User A and user B should have different session ids, if not, then it is
wrong. A new window should have PHP to spawn a new session id (that is, the
request does not come from an existing page where an id has been created
already. If the ids are different, then session_destroy should only clear
variables for relevant session_id, ie only User B's details In this example.

The problem then probably lies in the session_ids being either the same for
the two different logins (although they are on different browser) or
session_destroy clearing data across sessions. (I will test that later). It
would then seem that session ids is setup per location/machine by MS Windows
as per Peter's explanation. Setting up profiles is the the resolution as
suggested. Otherwise, it would be nice if Windows/IE/FF/PHP could identify
when a BRAND NEW page is being opened and then create a brand new session id
for that window/tab.

It is not a huge issue, I was just wondering if someone else had the same
annoying condition. I am happy with the responses and the functionality
somewhere on a wish-list. 

Now Back to Angelo's SESSION problem which sounded like it could be related.


-----Original Message-----
From: Leon du Plessis [mailto:l...@dsgnit.com] 
Sent: 20 August 2009 10:57 AM
To: 'Peter Ford'; php-general@lists.php.net
Subject: RE: [PHP] SESSIONS lost sometimes

That is how I know browsers to work, yet for a while the bahaviour has
changed. The question in light of this then is, should a new browser or tab
not open a new PHP SESSION ID. Session ID's should be kept if called from
existing pages or ID's? But new pages has no parent? Just wondering.

-----Original Message-----
From: Peter Ford [mailto:p...@justcroft.com] 
Sent: 20 August 2009 10:47 AM
To: php-general@lists.php.net
Subject: Re: [PHP] SESSIONS lost sometimes

Leon du Plessis wrote:
> ">> It's not an issue, it's a feature."
> Thanks Arno...but it is a pain also.
> If I work with user A in Tab1 (window1), I want to work with user B
> separately in Tab2. When user in Tab2 logs off, I still want user A to
> and not suddenly have to re-login. Same with bank. If I work with my
> account, then my personal account must not become an issue because I am on
> the same machine and site. 
> I have no issue with using FF and IE to do testing as that takes care of
> browser compatibility testing at the same time :-), but I think when you
> start a new session with new values, it should be kept under that
> alone. Cookies can take care of more details, but my opinion is data
> never be affected across windows/tabs unless the same user is logged in on
> both....even then I would expect PHP to keep data per session. Maybe it
> beyond being an IE or FF issue..the questiojn is...will PHP allow
> from session A become corrupted when session B is in progress when they
> should actually be handled seperately?
> In the end I think it is something I do wrong in PHP with the SESSION
> variables and how I clear them....if so...I don't think PHP should allow
> clearing SESSION variables from other sessions.
> -----Original Message-----
> From: Arno Kuhl [mailto:ak...@telkomsa.net] 
> Sent: 20 August 2009 10:03 AM
> To: 'Leon du Plessis'; php-general@lists.php.net
> Subject: RE: [PHP] SESSIONS lost sometimes
> -----Original Message-----
> From: Leon du Plessis [mailto:l...@dsgnit.com] 
> Sent: 20 August 2009 09:44 AM
> To: php-general@lists.php.net
> Subject: RE: [PHP] SESSIONS lost sometimes
> Since we are on the subject: I have the following similar problem:
> When testing page on internet explorer, I find that one tab's variables
> affect another tab's variables. Thus when having the same web-site open
> using SESSION variables but for different users, Internet explorer can
> become "disorientated". This also "sometimes" happen when I have two
> separate browsing windows open with Internet Explorer for the same site.
> I have yet to determine if this is an internet explorer, or PHP or
> combination of the two that is causing this condition. 
> To my understanding _SESSION variables should be maintained per session,
> or window. If this has been addressed already, my apologies, but thought
> worthwhile to mention.  
> If someone perhaps have a solution or can confirm this as a known issue
> maybe is the same or related to Angelo's problem?
> --------------------
> If different browser windows/tabs on the same client-side computer didn't
> share session info then you'd get the effect of being able to log onto a
> site with one browser window, but find in a second browser window that you
> were not yet logged on. Experience will tell you that you're logged on in
> both browser windows (try it with your online bank). It's not an issue,
> a feature. If you want to be able to use different browser windows as
> they were different users then use different browsers e.g. IE and FF on
> same client-side computer will look like two separate end users to the
> server, and they don't share session info or cookies.
> Cheers
> Arno

The key thing is that both tabs (or windows) from the same browser are in
*same* session - they send the *same* PHPID cookie. PHP is essentially
- it doesn't care where the request comes from, and ties a session to the
cookie if it gets one. As far as PHP knows, requests from different tabs
the same PHPID cookie are requests from the same place in the same session.

To get a different session you need a different instance of the browser -
the way browsers have been coded to work. It's not too hard with Firefox,
you can set up multiple profiles to have independent Firefox windows on the

Peter Ford                              phone: 01580 893333
Developer                               fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to