开发者

How to access php sessions on different computers

I'm doing some exercises on using sessions in php. I set it up this way:

$_SESSION['log_users'][] = array(array('Username'=>$username))

I tried to experiment on it. And found out that the session that is being generated is different when I use a different ip for accessing it. While using the same browser, which is firefox.

Here is what I did:

  1. Setup my router so that others will be able to access the exercise that I'm working on through the use of my external ip address.
  2. I then opened the localhost version of the exercise:

    http://localhost/exercise/sessions.php

  3. Then the one using the external ip address:

    http://201.xxx.xxx/exercise/sessions.php

  4. I then filled up the session array on each browser tab. And found out that each of those two keeps a different version of the session. Found out by using print_r($_SESSION['log_users'])

Is this really the way it should behave? Is there anything I can do so that there's only one version of the session? I'm currently using 开发者_StackOverflowWampserver 2.1


The session is stored on server side and a session cookie is created on client side to identify the current session of browser which holds current session id.

The session cookie is stored based on the domain you are using to access the site.

Since you are using different domain one is localhost and another is ip which will create two different sessions.

When you visit pages through localhost domain. It will create session and store session cookie on the domain localhost. If you visit another page on same domain system will check if the session cookie exists it resume the old session and does not create new one.

While the same time if you access through ip the session cookie is not stored for this ip yet then system assume that there is no active session for this user and will start a new session and session cookie is stored for based on this ip.

This is the way how session works.

Hope this helps.


The session cookie is bound to a domain name. When you first access it, it will be bound to the localhost domain.

If you then point your browser to the 201.xx.xx.xx address, the domain name will no longer match. And your browser will not send this cookie again. This is why a new session will be generated. Even though it is factually the same server.


In your case only $_SESSION will not be helpful for you. You should try with $_SESSION and Database also.

You should synchronize your session and database session record.

System will check your entry in database. If you have entry available then it will directly generate session for your site. This way only one login can be available for all browsers.


While the answer from Shakti Singh may be technically correct. The goal you seem to be trying to achieve is imo not reachable that way.

The way with session_id() plus database may look roughly like:

  • start session
  • tie session_id to username (in database)
From my checkpass.php
...

// Connects to your Database

...

    session_start();
    $sql = 'SELECT * FROM `login` WHERE `user`="xxUserxx"';
    $result = $db->query($sql);
    $row = $result->fetch_row();
        if ($_POST['passwort'] == $row[0])
        {
            if (!$db -> query('UPDATE `login` SET `sessionid`="'.session_id().'" WHERE `user`="xxUserxx"'))
            {
                die('UPDATE `login` SET `sessionid`="'.session_id().'" WHERE `user`="xxUserxx"<br>Was not able to create session in database! '.$db->error);
            }
            header('Location: backtothecalling.php');
            exit;
        }
        else
        {
            ?>
            <form action="" method="post">
                <input type="password" size="13"  maxlength="13" name="passwort" autofocus=TRUE required>
                <input type="submit" value="login">
            </form>
            <?php
        }

  • check regularly if this login is still active and valid.

// Connects to your Database

...

        //Already logged in? ...
        session_start(); #Starts or continues a session. this gives you a session id.
        $sql = 'SELECT * FROM `login` WHERE `user`="xxUserxx"';
        if (!$result = $db->query($sql))
        {
            die("Couldn't get user data from database. Message: ".$db->error);
        }
        $row = $result->fetch_row(); #In $row[1] is now the session_id from the last successful login.
        if (session_id() != $row[1]) #Check for valid login (compare actual session_id with the one in db).
        {
                                                #If not already logged in, checkpass.php gives a
                                                #login screen and asks for login factors,
            header ('Location: checkpass.php'); #and will store valid session_id in db.
            exit;
        }
    #From here on you are correctly logged in, continue with whatever you want to do here with the user (in my case there is only one user, so keep that in mind if you miss username checks in my code).

...
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜