I am having a hard time understanding something related to PHP session. Currently I can have two users log in at the same time (user/admin): log in as a user, then open another browser window and log in as an administrator.
I don't want this thing. So I think the best solution is to check, before the submit of the login functionality is being triggered, to check if there is a session set, and if it is, to destroy it.
if (isset($_SESSION)) {
session_destroy();
}
But I am not sure, is this the best approach on doing it?