tags:

views:

42

answers:

1
Q: 

Need to kill a session?

Really quick here... I think I have the answer, but just looking for some validation.

I have a site with two "points of entry." One is for a standard user and one is for an admin account. In the real world, an admin could have a standard user account and try to login as an admin while already being under the standard user session.

I have two separate front ends to facilitate login. The normal user one is frilly and has ads and the like, the admin one is strictly business, so any suggestion to have the two user types login through the same "door" is not on the table.

Would you advise on the admin login page to destroy any active sessions? Once the admin is in, they'll only be tooling around in their admin area and not on the main site.

Has anyone run into probs using this method and having an admin-type user try to log back in in a new window as a "user" to view changes from a logged in user's prespective?

Thanks in advance. So many cans of worms :)

+1  A: 

Cans of worms yes. Having your admin sessions kill-off user sessions, also yes.

Personally, given what you described I'd keep both sets of sessions isolated from the other. Should allow you to include things in the sessions that helps reinforce the idea of users can't reach admin pages.

That said, you should not NEED to kill off the session. It should be possible to upgrade the existing session. I'd keep them separate because it would help me keep the two areas clear in my mind (which would help me avoid security errors).

acrosman  2010-04-06 01:51:49
Acrosman. Thanks. First off, thanks for being able to negotiate my line of questioning. I am in a hurried rush to finish something and the way I phrased the original question was convoluted.Anyhow, I do get your logic and it seems practical. At this moment though, I am looking for a quick and dirty, all-or-nothing approach that, as you mentioned, wards off any naughty users from thinking they could or should be able to get admin access.Thanks again
rob - not a robber  2010-04-06 01:57:06
this was a quickie and more of a confidence builder than a question. thanks for the guidance.
rob - not a robber  2010-04-06 02:02:55

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases