I'm new to PHP, I read other articles without finding the answer I'm looking for, but still don't know if what I want to do makes sense or not.
I'm using PHP 7.
My user authentication page checks credentials and then executes session_start(), creating the session server-side and a cookie client-side in the browser.
Each other page of the web application then calls session_start() to resume session information, in this case checking the cookie. Everything works fine so far... at least when I have a single login.
I'd like to be able to have more than one user SIMULTANEOUSLY logged in in the same browser (in another tab, for example) using cookies. I don't want to append the session ID to the URL.
I managed to create different sessions on the server side using session_id() before session_start() in the authentication page based on username, but the problem is on the client side.
The first successful login (session_start()) creates a cookie and the second login updates the same cookie, corrupting the previously created session.
Therefore, when it comes to resuming the session, session_start() will resume only the last session, mixing the data fetched from the DB based on session info.
Is there a way to make session_start() create a cookie for each login and make PHP resume the correct session using cookies?
Any ideas?
FURTHER DETAILS: I'm updating a legacy app, trying to fix some security issues. The need for multiple sessions comes from administrative purposes where admins access the same site. The reason a separation of sessions is needed is that, depending on the session info, the data are fetched from a different database. Therefore, regular usage would only need one session per user, but an administrator needs to make multiple logins, viewing different data depending on that login.
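
An added example, not part of the original post: one way to get a separate cookie per login is to give each login its own session name with session_name(), so a second login does not overwrite the first cookie, while PHP keeps generating random session IDs instead of IDs set from the username. The "slot" label, the ?slot=N parameter, the APPSESS prefix and the function names are assumptions made for illustration; the slot is not a secret and only selects which cookie session_start() reads.

```php
<?php
// Added example (not the asker's code). Assumption: every admin login is bound
// to a small, non-secret "slot" label carried by a hypothetical ?slot=N
// parameter. The session ID itself never leaves the cookie.

function slot_session_name(string $slot): string
{
    // Accept only a fixed set of slots so request input can never become a
    // free-form cookie name.
    if (!in_array($slot, ['1', '2', '3'], true)) {
        throw new InvalidArgumentException('unknown session slot');
    }
    return 'APPSESS' . $slot;               // e.g. APPSESS1, APPSESS2
}

function start_slot_session(string $slot): void
{
    ini_set('session.use_only_cookies', '1'); // never accept an ID from the URL
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_name(slot_session_name($slot));   // one cookie name per slot
    // PHP 7.0-compatible positional form: lifetime, path, domain, secure, httponly
    session_set_cookie_params(0, '/', '', true, true);
    session_start();
}

// Authentication page: call only after the credentials have been verified.
function login_into_slot(string $slot, string $username, string $database): void
{
    start_slot_session($slot);
    session_regenerate_id(true);             // fresh random ID for this login
    $_SESSION['user'] = $username;
    $_SESSION['database'] = $database;       // which DB this login may read
}

// Every other page: resume the session that belongs to the requested slot.
function resume_slot_session(string $slot): bool
{
    start_slot_session($slot);
    return isset($_SESSION['user'], $_SESSION['database']);
}

// Usage on a protected page (constructed request handling):
//   if (!resume_slot_session($_GET['slot'] ?? '1')) {
//       http_response_code(401);
//       exit;
//   }
```

Because the database is read from the session selected by the cookie and not from the slot parameter, changing the slot in the URL only switches between sessions this browser already holds.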