Firstly, my English is not too good.
Hi, I have a problem with my project.
I created a website that allows you to log in from the frontend (as a member) and as an admin. I log in to both (frontend and backend) using a different username and password, but once I log out from the backend, the frontend will log out too.
I think this is because I run the session_destroy() script, and it destroys all sessions including the frontend session.
I have tried to search for this using Zend Framework and Joomla with PHP.
You should be creating different variables for different sessions.
Here are some examples which may come in handy:
<?php
// you have to open the session to be able to modify or remove it
session_start();
// to change a variable, just overwrite it
$_SESSION['size'] = 'large';
// you can remove a single variable in the session
unset($_SESSION['shape']);
// or this would remove all the variables in the session, but not the session itself
session_unset();
// this would destroy the session itself (all data stored for it on the server)
session_destroy();
?>
Hope it helps.
I imagine this is your session when you're logged in as an admin:
$_SESSION['user']['id'] = 1;
$_SESSION['user']['group'] = 'admin';
...
However, this is your session when you're just a user:
$_SESSION['user']['id'] = 99;
Wherever your logout.php is located, do something similar to this:
if ($_SESSION['user']['group'] == 'admin') {
    $_SESSION['user']['group'] = null;
} else {
    // the PHP function is session_destroy(); destroy_session() does not exist
    session_destroy();
}
I hope you got the idea!
Update
This might work:
/* Do NOT unset the $_SESSION['user']['role'] */
if ($_SESSION['user']['role'] == 'user') {
    /* For Users */
    $_SESSION['user']['login'] = false;
    $_SESSION['user']['id'] = null;
    $_SESSION['user']['last-visit'] = null;
    $_SESSION['user']['ip'] = null;
}
if ($_SESSION['user']['role'] == 'admin') {
    /* Unset Admin Specific Variables */
    $_SESSION['admin']['login'] = false;
    $_SESSION['admin']['id'] = null;
    $_SESSION['admin']['last-visit'] = null;
    $_SESSION['admin']['ip'] = null;
}
/* Get rid of session_destroy() */
// session_destroy();
By the way, you're just resetting the variables manually, which is somehow equal to destroying the session entirely, but still keeps the session alive for the other side.
Even Better
/* Assign the `user_id` to the session, when you log in ... */
/* login.php */
/* With PHP's default session serializer, numeric top-level keys in $_SESSION
   are not saved, so the id is prefixed with a string here */
$_SESSION['user_' . $user_id] = array();
/* Now fill-up the new array with data ... */
$_SESSION['user_' . $user_id]['role'] = 'admin';
$_SESSION['user_' . $user_id]['login'] = true;
/* When you want to Log out, just simply null the array based on the user_id again */
/* logout.php */
$_SESSION['user_' . $user_id] = null;
/* Here you go, as long as you have different user_id in your database,
you have separated sessions! */
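A per-area logout along the lines of the answers above, as an added example that is not part of the original posts. The area names 'member' and 'admin', the helper names and the sample ids are assumptions; it also rotates the session ID on every login and logout and destroys the session only once no area is logged in.

```php
<?php
// Added example (hypothetical helpers): one PHP session, separate login
// state per area, so logging out of one area leaves the other untouched.
declare(strict_types=1);

const AREAS = ['member', 'admin'];   // assumed area names

function login(string $area, int $userId): void
{
    // New session ID on every privilege change, to block session fixation.
    session_regenerate_id(true);
    $_SESSION[$area] = ['id' => $userId, 'since' => time()];
}

function isLoggedIn(string $area): bool
{
    return isset($_SESSION[$area]['id']);
}

function logout(string $area): void
{
    unset($_SESSION[$area]);               // drop only this area's state
    foreach (AREAS as $other) {
        if (isLoggedIn($other)) {
            // Another area is still logged in: keep the session alive,
            // but retire the ID that carried the old privileges.
            session_regenerate_id(true);
            return;
        }
    }
    // No area left: clear the data, expire the cookie, destroy the session.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Constructed walk-through; all output is printed at the end so that no
// header or cookie call happens after output has started.
session_start();
login('member', 99);
login('admin', 1);
logout('admin');
$memberStillIn = isLoggedIn('member');
$adminStillIn = isLoggedIn('admin');
logout('member');
$sessionGone = session_status() === PHP_SESSION_NONE;
var_dump($memberStillIn, $adminStillIn, $sessionGone);
```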