PHP switching tabs in browsers causes session not work and must relogin
I have a password protected area of a site that I use Sessions to allow the user to move from page to page of the protected area. However if I open new tab YET keep the other tab open (the one in the protected area) and then do somethings in the new tab and switch back then to the old tab I am forced to re login. I have tried setting the expiration date to twenty minutes between sessions but I am having no luck. Any ideas?
// set expiration time of 20 mins session_cache_expire (20); $cache_expire = session_cache_expire();
This guy does a better job of explaining it:
If two different files don't access the same session, it can only mean one thing: they aren't on the same directory level. Examples: a) One is under https, and one is under http. (very common and annoying error) b) One is under /, another is under /dir1, and /dir1 was first to run. The cookie created by the session is for /dir1 and deeper only, so the other script can't read it; it sees no session so it starts a new one.
1) Session start should always happen at root dir. If one of your scripts discovers user is not logged in, for example, use session_destroy() and send him to the login in the root dir. Scripts that use session without requiring login needs more creative solutions, like redirecting to the root dir, setting the session, and redirecting back.
2) Use SID from page to page, instead of cookies. The upside is that this also works with http/https. The downside is very ugly URL codes and more difficult maintainability ('which pages links to gallery.php without using SID?!').