#1561 (ok 4.5) Being able to use multiple servers at the same time when using cookie auth

[ZeWaren]

Setup:

• 1 phpMyAdmin installation (4.2.10.1), configured to use cookie auth.
• 3 different MySQL servers.

Problem:
Only one server is usable at the same time in the same browser.

How to reproduce:

• Open phpMyAdmin and log-in into a first MySQL server.
• Browse a few pages to ensure everything is working fine.
• Open a new tab in the same browser and open phpMyAdmin again.
• Log-in into a second server.
• Browse a few pages on said second server to ensure everything is working fine.
• Now go back to the first server and try to navigate to any page, like the database list.

The session on the first server is then closed, and the log-in form is displayed with error "Your session has expired. Please log in again.".

I dug into the source code to understand what was going on.
The PHP session identifier is stored into cookie "phpMyAdmin". Each time a user logs in, this cookie is overwritten.

Then, only the corresponding session can work, otherwise a token mismatch error is generated in libraries/common.inc.php (line 462, variable $token_mismatch).

Do you plan to make this work in the future?

[Madhura Jayaratne]

PR: https://github.com/phpmyadmin/phpmyadmin/pull/1563

[Madhura Jayaratne]

PR: https://github.com/phpmyadmin/phpmyadmin/pull/1762