Marek Kilimajer wrote: > Jason Barnett wrote: >> Valter Toffolo wrote: >> >>> ok i have one server with a single domain, each user have it's home >>> with a public_html so i get mydomain.com/~user1/ and >>> mydomain.com/~user2/ and so on. but each user might like to use >>> sessions so how can i make it work so that sessions would have each >>> one it's own variables and all...?? >>> >>> thanks, valter. >> >> >> What is the problem? If you have session support set in PHP then each >> user should be able to session_start etc. The default session handler >> that comes with PHP will allow each user to have their own session >> variables (technically they're indices in the $_SESSION superglobal >> array). >> >> Please check the PHP manual to see how to set up session support if >> that's what you're confused about. >> > > The problem is with cookies being common for all user directories. You'll have to be more specific than this. Are you worried about: 1) Cookie filename collision, so two users criss-cross cookies? 2) Cookie security, so user1 can read user2's cookie files 3) Malicous user2 filling up everybody's /tmp dir with zillion cookie files #1 is a non-problem, almost for sure. I don't think the OS+PHP will *ever* let your cookie files share a common name #2 separating them into different directories is not a whole lot of help... If I know his cookie files are in ~/user2 and follow the same naming conventions as the ones in my ~/user1 directory, I can still read them. #3 also separting the cookies is no help -- A full drive is a full drive. Unless you are doing a low-level partition separate for each user. > Each user should use session_set_cookie_params() to set the cookie path > to its own directory. And use of session_regenerate_id() is a must, else > user1 can set the cookie path to /~user2/ with lifetime till 2038 and... And what? Until we know what it is you think you're trying to "solve" we can't advise you. So far, all we've got is a stated desire to segregate cookie files for no apparent reason. I'm sure it's perfectly clear to you why you want this, but nobody else is getting it. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
