1

When someone logs in on my website, it will output information just for that user and so on. But there is a problem as it seems it doesn't recognise different users. If I log in two users on the website, first one will become second one... here is my code at the start of each page

?php
session_start();

require_once 'loginDetails.php';
$db_server = mysql_connect("$db_hostname", "$db_username",
"$db_password");

if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());

mysql_select_db($db_database)
or die("Unable to select database: " . mysql_error());

if (isset($_SESSION['username']))
{
  $user = $_SESSION['username'];
  $query = mysql_query("SELECT * FROM cssh_students_table WHERE StudentUserName =  '$user'");
  $query1 = mysql_fetch_row($query);
  $course = $query1[10];
  $year = $query1[6];
  $email = $query1[4];
  $loggedin = TRUE;
}
else
{
$loggedin = FALSE;
}

if ($loggedin == FALSE)
{
session_unset();  
session_destroy();  
header('Location: ../index.html');
}
?>
maxim fedotov
  • 87
  • 3
  • 6

2 Answers2

0

session_destroy() is not guaranteed to kill your session cookie. Your problem is probably because your original session cookie still exists.

See this related question.

Additional (Not Related)

Doing a SELECT * and then accessing the results using integer indexes is a bad practice that will eventually cause you problems some day when the database structure is changed. Either SELECT the items you need, or use mysql_fetch_assoc and access the values by name.

Community
  • 1
  • 1
AndrewR
  • 6,668
  • 1
  • 24
  • 38
0

There can be many solutions for that.

For us, we need to do that kind of thing in development. For each user we want to open, we use an anonymous browser window. Another solution could be to use a different domain name for each user you want to login (with a dns wildcard).

Sylvain
  • 1,518
  • 1
  • 15
  • 15