Posted by Gordon Burditt on 05/12/05 14:17

>Without going into the details of my code: is it possible to have two
>different users logged in at the same time?

It depends on what kind of login you are talking about.

>I had one page where I found the username correctly set, and another
>where it wasn't. (Just by checking <?= $_SERVER['PHP_AUTH_USER'] >? at
>the top of each page.)

>Wondering why it would be set for one page and not another (and as a
>sanity check) I wrote another page which sends the basic auth headers
>and so logged in again.

If you are dealing with a .htaccess basic login, and the authentication
realm (AuthName) is different, a browser can have lots of different
logins active (or not) on the same server. The browser uses the
authentication realm to determine which one to send.

>Now the first page shows my original username. All the other pages
>(which used to show username at all) now show the second username. I can
>freely switch between them too: it's very consistent. One page, user1.
>All the rest: user2.

Are the pages in different directories? While .htaccess can apply
different authentication to different pages, it's harder to do that
by accident in the same directory.

>I'm really confused. I didn't think it was possible to be logged in as
>two different users in the same browser against the same host at the
>same time.

It's easy to have lots of different applications, each with their
own directory and different AuthName, and potentially different
password files, on the same server.

Gordon L. Burditt

[Back to original message]