yes,
I think my issue is similar to this guy on this stackoverflow page. I read through prograhammer's respond. His solution seems simpler and so I tried to implement it.
- In my member DB Table, I created a field called "sessionID (Char32)"
- When user login, grab existing SessionID in DB
- If his current ID and DB Session ID is different, get DB Session ID and destroy it, then assign new current ID
Problem I encountered: When I login on a different browser, I got kicked out immediately, but when I login again, there is no issue. Also any browser I previously logged in is now Logged Out (This part is working correctly)
The part I don't understand is how do I actually destroy the PREVIOUS sessionID (the one in DB), and assign new current Session ID?
After user enter loginID and PW in login Page:
//Current Session ID
$sessionID = session_id();
//Get previous DB Session ID
$sql = mysql_query("select * from member where emailid = '".$user_email."' and pwd = '".$user_password."'");
$row = mysql_fetch_array($sql);
$DBSessionID=$row[sessionID];
//If current Session ID & SessionID in DB not the same
if($sessionID != $DBSessionID)
{
session_id($DBSessionID);
session_start();
session_destroy();
session_commit();
session_id($sessionID);
session_start();
mysql_query("update member set sessionID='$sessionID' where emailid='$user_email'");
}
//Else if no SessionID in DB - Update with current Session ID
else if ($DBSessionID == "")
{
mysql_query("update member set sessionID='$sessionID' where emailid='$user_email'");
}
Kind regards
