Multi-Session implementation, suggestions?

[Exodus 4D]

I want to implement some kind of "multi-session" management to my SinglePageApp. 

• Each User has multiple Characters.
  
• I want to "allow" users, to have multiple "active" Characters at the same time: 1 Character per browser tab.
  

I use DB\SQL\SESSION(); for my current session handling. My Session is called by the following code, which always gives me the same session:

new DB\SQL\Session($this->getDB('PF'), 'sessions', true, function($session, $sid){
    $f3 = $this->getF3();
    if( ($ip = $session->ip() )!= $f3->get('IP') ){
        // IP address changed -> not critical
        self::getLogger('SESSION_SUSPECT')->write( sprintf(
            self::ERROR_SESSION_SUSPECT,
            $sid,
            $session->ip(),
            $f3->get('IP'),
            $f3->get('AGENT')
        ));
        // no more error handling here
        return true;
    }elseif($session->agent() != $f3->get('AGENT') ){
        // The default behaviour destroys the suspicious session.
        return false;
    }

    return true;
});

Is there a way to create/read/update/delete multiple sessions for a user?

Something like this: http://stackoverflow.com/a/24965106/4329969

• I know I have to find a way to tell PHP which session should be used (e.g. Cookie,... )
• I know I could store all the data in a single session but that is not what I want.
  

URL: https://www.pathfinder-w.space

Repo: https://github.com/exodus4d/pathfinder

[ved]

This is an interesting case but full disclosure: I never needed or ever considered anything of the kind so my opinion is "from the top of my head" for what it's worth.

If your "differentiator" is really just have the visitor use another tab in the same browser, then using multiple sessions seems like it wouldn't be the best option because sessions are mostly automated by the browser<->server through cookies/user agent/ip/etc. I'm sure there's some way to do it just with sessions (maybe), but personally and by giving it less than 5minutes thought I would do it like this:

I would use just a single session, and then maybe use separate session array keys for doing very basic state management. Then I would use an F3 route parameter (or a GET variable) to determine what the "active" or "in use" character is.

This would allow a visitor to (for example) open a tab on /character/char1 (or /character?active_char=char1) and another for /character/char2. Your code would have to depend on this last parameter in order to do it's thing.

If you ever need to save stuff in session, with this method, you can just save it inside $_SESSION[$_GET['active_char']]['something'].

Just my $0.02. I'm sure there's a lot of different ways to accomplish this, but imho, using different sessions is probably not the most efficient one.

[ikkez]

well, since you got a single page app, you could stick to the existing single session solution for your logged in USER, but add a custom Header for all your ajax requests.
So when the user logged in and selected the character, you could add something like

$.ajaxSetup({
    beforeSend: function (xhr)
    {
       xhr.setRequestHeader("PF-Char","ID=123456");        
    }
});

and use this accordingly from $f3['HEADERS']['PF-Char'] maybe? =)
that way you don't need to refactor too much routes and js code and still have a solution to have a different char per browser tab.

[Anatol Buchholz]

Nice solution Ikkez!

[Exodus 4D]

@ Ikkez: Indeed, very nice! I had something very similar in my mind for the frontend-part.

@ved: I think, Ill stick to a single session solution for now.
A Session that holds multiple active characters for a single user.