Friends,
Whenever a user logs in, I am setting cookies containing the user ID and the associated password and his/her User Name which is obtained from the DB Table after checking whether the User ID and Password values are valid (found) or not. Then the User Control Panel is displayed:
user_login.php
PHP Code:
setcookie("login_id",$emp_id,0);
setcookie("login_password",$password,0);
setcookie("user_first_name",$rs->Fields["emp_name"]->Value,0);
setcookie("user_last_name",$rs->Fields["emp_last_name"]->Value,0);
echo "Login Succeeded! Redirecting...";
echo "<script>top.location='user_panel.php'</script>";
The User CP has many pages/links that will also check for the cookies whether they contain any value or not before they can display their contents (the pages):
validate_login.php: called inside a user page such as "Post_Thread.php"
PHP Code:
<?php
if($_COOKIE["login_id"] == "" || $_COOKIE["login_password"] == ""){
?>
<script type="text/javascript">
<!--
top.location = "index.html"
//-->
</script>
<?php
}
?>
It works fine up to this level. Next when a user logs out the cookies are destroyed so that any page such as "Post_Thread.php" will not show up if called directly using the direct URL (www.example.com/Post_Thread.php):
user_logout.php
PHP Code:
<?php
setcookie("login_id", "", -1);
setcookie("login_password", "", -1);
header('Location: index.html');
?>
Well, it all works fine. But when a user logs out and another user logs in on the same computer without closing the browser then the cookie set in the first page above still gives the previous user's name:
PHP Code:
echo $_COOKIE['user_first_name'];
even though it is being overwritten when the other user logs-in.
Note the underlined words above. If the browser is closed and opened again then the above cookie will give the correct information.
So, am I having any incorrect strategy here to provide a User Environment wherein different users can log-in on the same computer using the same browser such as Google Chrome or IE, of course, after logging out from one account?
Let me give you an example from this forum itself. I am using Google Chrome and the URL is
PHP Code:
http://www.linuxquestions.org/questions/newthread.php?do=newthread&f=9
I am going to hit this URL in IE and I am getting this message:
PHP Code:
LinuxQuestions.org Message
You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:
1.You are not logged in. Fill in the form at the bottom of this page and try again.
2.You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
3.If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Log in
User Name:
Password:
Forgotten Your Password? Remember Me?
The administrator may have required you to register before you can view this page.
That is exactly what I am trying to achieve / do. That is why I am calling "validate_login.php", as mentioned above, from inside every page which is user specific and it is only checking for the cookies whether they contain any values or not. This works fine. But when the user A logs out and the user B logs-in the cookies still have the user A's information stored in them.
A Side Note: Do you keep a similar strategy or some other one to maintain a user's log-in information across several pages to ensure that only the logged-in user has access to those pages which are not for the Guest User and also that two log-ins do not clash, i.e. only one log-in is maintained and validated?
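
As an added example (not the poster's code), here is the same login, page guard and logout flow using PHP's server-side sessions, so the password never goes into a cookie and the name fields are cleared together with the ID at logout. The function names are hypothetical, and PHP 7.3 or later is assumed for the array form of session_set_cookie_params().

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.
// Identity lives in the server-side session; the browser only holds the
// opaque session ID cookie, never the password or the display name.

function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, as in the original setcookie(..., 0)
        'path'     => '/',
        'secure'   => true,     // assumption: the site is served over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call only after the user ID and password were checked against the DB.
function login_user(string $emp_id, string $first_name, string $last_name): void {
    start_secure_session();
    session_regenerate_id(true);   // new session ID at login
    $_SESSION = [                   // replace, do not merge, any earlier user's data
        'login_id'        => $emp_id,
        'user_first_name' => $first_name,
        'user_last_name'  => $last_name,
    ];
}

// Replacement for validate_login.php: call at the top of each user page.
function require_login(): void {
    start_secure_session();
    if (empty($_SESSION['login_id'])) {
        header('Location: index.html');
        exit;   // stop here so the protected page body is never sent
    }
}

function logout_user(): void {
    start_secure_session();
    $_SESSION = [];                 // drops the ID and both name fields together
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
    header('Location: index.html');
    exit;
}
```

Pages such as Post_Thread.php would call require_login() before any output and then read the name from $_SESSION['user_first_name'] instead of $_COOKIE.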