I have the following problem: I have 1 application used by 5 users ...
For each user there is a folder on the server, because for each one there is a configuration and some files are different, so the authentication links are:
user1 = www.meuservidor.com.br/pasta1
user2 = www.meuservidor.com.br/pasta2
user3 = www.meuservidor.com.br/pasta3
user4 = www.meuservidor.com.br/pasta4
user5 = www.myserver.com/pasta5
In%% of each folder, there is a login screen that ajax authenticates to the login database and password passed by the user, under the following conditions:
//Caso o usuário não esteja autenticado, abre tela de login
if ( !isset($_SESSION['login']) and !isset($_SESSION['senha']) ) {
//exibe form de login
}else{
//exibe a pagina restrita
}
Example situation:
If I log into user1 ... my session starts normally, but if I modify the url I can access the index of the other folders ... since the session has already been started.
I need help blocking this.