Different session in browser tabs

6

I'm having trouble logging on to a system. What happens is the following:

  • I opened the browser, accessed the system URL and logged in. At this point the "X" session is created.
  • I opened a new browser tab, accessed the URL, and logged in with another user.
  • I returned to the first tab, opened other screens of the system and at that moment my tab 01 takes the session of 02.
  • The adjustment has to be made because the approval and production system are constantly used in parallel and therefore can not "mix" the sessions.
  • Extra Data:

    • It does not matter how many tabs I access and with which login I access the system, the current session will ALWAYS be the last logged in.
    • The screens I mentioned in section 3 are windows with the component Kendo UI Window
    • The problem occurs in ALL browsers.
    • Approval and production systems stay on the same server.
    asked by anonymous 30.09.2015 / 13:47

    2 answers

    2

    Short answer

    In the login file, do something like this:

    <?php
    
    // session_name() must be called before session_start().
    switch( $ambiente )
    {
      case "Produção":
        session_name( "SESSIDSistemaX" );
        break;
      case "Homologação":
        session_name( "SESSIDSistemaXHom" );
        break;
    }
    session_start();
    

    Or the equivalent in the language you're using.

    Explanation

    Since you have two "applications" running on the same server, under the same domain, the method is to isolate the name of the session cookie.

    Long answer

    At some point in the code a session is opened from a cookie with a specific name. If this cookie is empty, a new session is started with a new id; otherwise the session with the same id contained in the cookie is opened / created.

    When there are two separate servers, the sessions do not merge due to pure unavailability: one server does not access the other's files. When there are two domains (or subdomains), it is possible to try the solution pointed out by @juniorb2ss, since cookies can be restricted by whole and partial domains, which in practice causes the browser to not deliver the cookie from one domain to another, machine, which forces the opening of a new session with a cookie that is not shared.

    But when you're not on separate machines, or on separate domains, then you always open the same session. And it is obvious from the above algorithm: the folder where session_start() is called does not change its behavior. On the contrary, if it changed, it probably would not work.

    So there are no "two systems" running in separate folders on the same machine, under the same domain. From the language point of view, there are two codes in different folders of the same application that are opening the same session.

    This will eventually cause problems

    A friend is one who warns you. Running different "systems" in folders on the same server, in the same domain, is asking for trouble. The above solution, although it works, is a pretty fragile twig.

        
    16.03.2016 / 23:47
    1

    Your issue may be with cookie sharing.

    Let's start with the fact that% of% of% with% of its% is% of% and% of% is URL . Okay?

    When setting a cookie, it is being set to produção ie it will be persistent in either prod.url.com or homologação which are homo.url.com of .url.com . Followed?

    PHP gives you the ability to set the domain cookie:

    setcookie('YourCookieName', 'Some Values', time() + 3600, '/', 'url.com'); 
    

    This way the cookie will only be set to prod.url.com

    setcookie('YourCookieName', 'Some Values', time() + 3600, '/', '.url.com');
    

    This way the cookie will be set to homo.url.com and sub-domains.

    To set a cookie for a specific subdomain, which is what you need, just do:

    setcookie('YourCookieName', 'Some Values', time() + 3600, '/', 'homo.url.com');
    

    In this way, when accessing sub-domains you will be logged in, accessing url.com you will need to log in again.

    Well, that's the most I can analyze for you, because you did not post code, so I believe that's what is happening.

    Edit

    If you are not working with subdomains, that is, with paths, e.g. url.com or url.com, then that is another matter, since for the server they are the same system.

    I have a global solution for this type, because I avoid working with separate systems separated by paths, I always try to work with sub-domains, the integrity is greater.

    If you work this way, the best way is, at login, to define which system the user is logging in to. For example, saving in their session:

    $_SESSION['ambiente'] = 1; // url.com/prod
    

    When checking if the user's login is active you ask him what his environment is, what% s% s he is visiting? If it is not you force logout to renew your login to that environment.

    For further explanation just by looking at the code, it's as much as I can.

    Hugs.

        
    30.09.2015 / 14:58
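
The two approaches above (a separate session cookie name per environment, and recording the environment in the session and checking it on each request) can be combined in one bootstrap. This is an added example, not code from either answer; the folder prefixes `/prod/` and `/homo/`, the function names and the `user_id` key are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Constructed mapping (assumption): folder prefix => environment id and cookie name.
const ENVIRONMENTS = [
    '/prod/' => ['id' => 'prod', 'cookie' => 'SESSIDSistemaX'],
    '/homo/' => ['id' => 'homo', 'cookie' => 'SESSIDSistemaXHom'],
];

function resolveEnvironment(string $requestPath): ?array
{
    foreach (ENVIRONMENTS as $prefix => $env) {
        if (strncmp($requestPath, $prefix, strlen($prefix)) === 0) {
            return $env + ['path' => $prefix];
        }
    }
    return null; // unknown folder: refuse instead of falling back to a shared session
}

function startEnvironmentSession(string $requestPath): array
{
    $env = resolveEnvironment($requestPath);
    if ($env === null) {
        throw new RuntimeException('Request path matches no known environment');
    }
    // Both calls must come before session_start().
    session_name($env['cookie']);
    session_set_cookie_params([
        'path'     => $env['path'], // browser sends the cookie only under this folder
        'secure'   => true,         // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // A session bound to another environment is treated as logged out here.
    if (isset($_SESSION['ambiente']) && $_SESSION['ambiente'] !== $env['id']) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    return $env;
}

function bindLogin(array $env, int $userId): void
{
    session_regenerate_id(true); // new id at login, so a pre-login id is never reused
    $_SESSION['ambiente'] = $env['id'];
    $_SESSION['user_id']  = $userId;
}
```

Call `startEnvironmentSession()` with the request path at the top of every page, and `bindLogin()` only after the credentials have been verified.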