Why are two different users able to login with one session?

Go To StackoverFlow.com


I am using codeigniter and I have an is_logged_in session setup. User X and User Y log in and no outsider can login to the system. However, User X logs in and can access User Y's dashboard in the same session. How do I make sure User X only access his contents using the session.

private function is_logged_in()
    $is_logged_in = $this->session->userdata('is_logged_in');
    if(!isset($is_logged_in) || $is_logged_in != TRUE){
        return FALSE;
    return TRUE;
2012-04-04 04:44
by Ali Gajani
You are only checking to see if the user is logged in here. You should fetch the logged in user's ID and then use that to fetch the right contents (as Broncha suggests).

BTW. You say that you are "allready doing that", but I can't see it anywhere in this code? If you do have it somewhere (I presume it would be the userdata(), please post the code segmen - Bono 2012-04-04 07:05


User X has his own ID. So when you fetch the contents from database or somewhere you make sure you fetch only the contents which belongs to that ID

2012-04-04 04:49
by Broncha
I am already doing that. I need to make sure that user X does not access user Y. That's the thing - Ali Gajani 2012-04-04 04:55
Show the code you're using then.. - Damien Pirsy 2012-04-04 04:58
@AliGajani Yes post the code you are using to set the session and the code you are using after the user logs in to fetch his content - Broncha 2012-04-04 04:59
@Broncha Check edi - Ali Gajani 2012-04-04 05:23