Question

I have made 2 websites that use a login system and everything works fine on both of them. The user can log in and log out of both. I am using XAMPP and have both websites open in Chrome in two tabs. On both websites I have the email address of the user displayed when the user logs in. The problem is that when I log into website A and then switch to website B and refresh the page, I am logged in on that website as well, with the email address that I logged in with on website A. This address is also displayed when there is no account associated with it on the opposite website. My question is: how do I restrict the session to the single website?

This is the login action

<?php
include 'db.inc';
session_start();

// Connect first: mysql_real_escape_string() needs an open connection
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
mysql_select_db($databaseName) or die ("Unable to select database!");

// Escape the submitted values before placing them in the query string
$UserEmail = $_POST["EmailAddress"];
$UserPassword = $_POST["Password"];
$SafeEmail = mysql_real_escape_string($UserEmail, $connection);
$SafePassword = mysql_real_escape_string($UserPassword, $connection);
$query = "SELECT * FROM members WHERE EmailAddress = '$SafeEmail'
          AND password = '$SafePassword'";

$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
// see if any rows were returned
if (mysql_num_rows($result) > 0) {
    $_SESSION["authenticatedUser"] = $UserEmail;
    // Relocate to the logged-in page
    header("Location: Index.php");
}
else {
    $_SESSION["message"] = "Could not log in as $UserEmail ";
    header("Location: Login.php");
}
mysql_free_result($result);
mysql_close($connection);
?>

And this is when the user is logged in.

<?php
session_start();
if (!isset($_SESSION["authenticatedUser"]))
{
    $_SESSION["message"] = "Please Login";
    header("Location: Login.php");
    exit; // stop here so the protected page is not sent along with the redirect
}
else
{ ?>

This is where the user email address is displayed

<div class="Login">
<ul>
<?php if(isset($_SESSION['authenticatedUser']) && $_SESSION['authenticatedUser'] != null ) {?>
<li><a href="ProfilePage.php">Welcome <?php echo htmlspecialchars($_SESSION["authenticatedUser"]) ?></a></li>
   <li><a href="logout.php"><span>Log Out</span></a></li>
<?php } else {?>
 <li><a href="login.php"><span>Log In</span></a></li>
 <?php } ?> 

Hope this is all relevant!


Solution 2

A session is usually handled on the browser side by a cookie. A cookie has a domain: the site and path to which the cookie applies. Look at the cookies that are set in your browser; your site's session cookie likely has a domain that applies to both of your web sites.

You'll need to make sure that the path on each site's session cookie is specific enough that the other site won't pick it up.
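One way to scope each site's session cookie as described above, shown as an added example that is not part of the original answer. The file name, `SITE_ID`, `SITE_PATH` and the helper functions are assumptions for a site served from `http://localhost/siteA/`; the second site would use its own values.

```php
<?php
// session_bootstrap.php (hypothetical file name): include this on every page
// instead of calling session_start() directly.
// SITE_ID and SITE_PATH are assumed values; give each site its own pair.
const SITE_ID   = 'siteA';
const SITE_PATH = '/siteA/';

function start_site_session(): void
{
    // A distinct cookie name per site stops the two sites from reading or
    // overwriting each other's session cookie (default name: PHPSESSID).
    session_name('SESS' . SITE_ID);

    // The array form of session_set_cookie_params() requires PHP 7.3+.
    session_set_cookie_params([
        'lifetime' => 0,          // cookie expires when the browser closes
        'path'     => SITE_PATH,  // browser sends it only for URLs under this path
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,       // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // Both sites share one host and, by default, one session store, so the
    // cookie path alone is not a security boundary. Tag the session with the
    // site that created it and discard any session created by another site.
    if (isset($_SESSION['site']) && $_SESSION['site'] !== SITE_ID) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['site'] = SITE_ID;
}

function mark_logged_in(string $email): void
{
    // Issue a fresh session ID at login to prevent session fixation.
    session_regenerate_id(true);
    $_SESSION['authenticatedUser'] = $email;
}

function current_user(): ?string
{
    return $_SESSION['authenticatedUser'] ?? null;
}

start_site_session();
```

After switching to this, delete the old `PHPSESSID` cookie for `localhost` in the browser once, since it was issued with path `/` and is still sent to both sites.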

Other tips

I would recommend you read this manual page:

http://de2.php.net/manual/en/session.examples.basic.php

and this wiki page:

http://en.wikipedia.org/wiki/HTTP_cookie#Domain_and_Path

and the source of your problem should be clear.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow