I am seeking some advice on sessions. The website I am working on has a user area and an Admin area. The Users & Admins each have their own login page and extract user/password information from separate database tables.
The problem is if I log in under a user and then manually type the URL of an admin-only page, it recognizes a valid session and lets me pass through.
I was going to add a new function to extract the username from the session variable and compare it to the proper table, and if it doesn't match then delete the session variable and redirect them to the login page. The only problem is if an admin has the same username as a general user. And also there is another complete step to be completed before a page is loaded.
Does anyone have any suggestions on how to differentiate between the two sessions? All advice is appreciated.
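An added example, not part of the original post: the check described above (any valid session passes) next to a guard that records at login which table authenticated the account, so a shared username cannot cross areas and no extra table lookup is needed per page. The post does not name a language, so Python is used for illustration; the table contents and the names `login`, `naive_check` and `require_realm` are hypothetical.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _row(account_id, password):
    salt = os.urandom(16)
    return {"id": account_id, "salt": salt, "hash": _hash(password, salt)}

# Constructed sample data: two separate tables, with "alex" present in both.
TABLES = {
    "user": {"alex": _row(17, "user-pw"), "sam": _row(18, "sam-pw")},
    "admin": {"alex": _row(1, "admin-pw")},
}

def login(session, realm, username, password):
    """Authenticate against one table and record which table it was."""
    row = TABLES[realm].get(username)
    if row is None:
        return False
    if not hmac.compare_digest(row["hash"], _hash(password, row["salt"])):
        return False
    session.clear()  # drop any earlier login held in this session
    # Store the realm and that table's primary key, not just the username.
    session.update(realm=realm, account_id=row["id"], username=username)
    return True

def naive_check(session):
    """Behaviour described in the post: any logged-in session passes."""
    return "username" in session

def require_realm(session, realm):
    """Page guard: the session must have been created by that area's login."""
    return session.get("realm") == realm

if __name__ == "__main__":
    s = {}
    login(s, "user", "alex", "user-pw")
    print("naive check on admin page:", naive_check(s))
    print("realm check on admin page:", require_realm(s, "admin"))
```

When `require_realm` returns false, the page handler redirects to that area's login page instead of rendering.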