I have a login section on one of my PHP pages. Once the user is logged in I set a session variable called $_SESSION['loggedIn'] = TRUE;
I use this to determine if a user can access specific areas of my site only if they are logged in, which is standard. I also display a message called "Welcome, somename", somename being the name of the user.
Here is the problem I’m having and how I duplicate the problem:
1) I open up two browser windows.
2) I log in for a user on one of the browser windows (Browser #1) and I don’t log in on the other browser window (Browser #2).
3) When I refresh Browser #2 I see that it displays the welcome message (described above) with the logged-in user's name that logged in from Browser #1.
This is not good.
It’s like one user knows about another's session and can act like that user and wreak havoc.
Can someone tell me how this is possible and how to prevent this?
Any help would be appreciated.
Thanks