On a fitness website I’m working on, I use php
$_SESSION to recall the user’s username across the various php scripts that my pages use.
I had a tab open in Chrome that was logged in to one of my testuser accounts on a fitness website I was working on.
As I wanted to test the Update BMI feature on another user account, I opened a second tab and login-ed to another testuser account. The feature worked successfully, and my second user BMI was updated in the database.
However, when I went back to my first tab and tried the feature for my first user, it updated the BMI for the second user, not the first. This alarmed me immediately. I refreshed the page and realised I was actually now logged into the second testuser account.
This must be because a browser cannot store two different set of session variables. Is there anyway to allow a browser to do so?