Restrict User Access in same browser

Question

I am making a php based application. When two users are logged in from same the browser in different tabs then they can access each other page. How to prevent this?

Answer 1

I see there 4 solutions:

1. You could just try to give that window (in this case tab) a name to detect a special window with JavaScript:

   if(window.name==4711) {...}
   

2. Use a session with a GET parameter and not with a cookie.

3. Use a random sub domain with normal cookies that operates on that subdomain.

4. Use a normal cookie which is restricted to a "virtual" directory which not really exists with the usage of mod_rewrite. Idea based on this comment.

Answer 2

Use $_SESSION or $_COOKIE to store a generated key that is created when a user logs in and update your database so that when a user changes a page, you access their information based on that generated key. Also you need might want to create a simple function that checks the key and than use another function for your page, if it's like a menu bar or login box, wrap it inside an if statement like

if(checkUser($_COOKIE['MYSID'])){
   // User is logged in so show whatever
} else {
   // Login box here
}

Answer 3

use window.name property or set cookie for each user by time of opening browser tab.

Answer 4

you application is not checking if user is currently logged in or not so what you have to do first when user enters credentials and logs in set a session variable

$_SESSION['logged_in'] = "true";

then you have to make some modification to your index page as follows at the beginning of page

<?
if($_SESSION['logged_in']=='true'){
header('location:USERS_SPECIFIC_PAGE_AFTER_LOGIN.EXT')
}
else{
header('location:login_page.ext');
}

?>