Re: Session contamination?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the response Robin, I'm reading up on session.cookie_path
now. It seems that this would require creating separate php.ini files
for each application.

On 4/20/06, Robin Vickery <robinv@xxxxxxxxx> wrote:
> On 20/04/06, Ben Liu <blzabub8@xxxxxxxxx> wrote:
> > Hello All,
> >
> > I'm using a single development server to host multiple client
> > projects, many of which require session management. I've noticed that
> > sometimes when I test these various web apps (which are simply in
> > separate sub directories) I get session leakage where logging in and
> > establishing a session on one app allows me access to (automatically
> > logs me in) to other app(s) on the same server. Or sometimes a session
> > variable will be set across all the apps, like $_SESSION['username'].
> >
> > Is this due to the fact that sessions are established between client
> > browsers and servers, regardless of directory/sub directory?
>
> Yes - that's the default behaviour, although if you set
> session.cookie_path separately for each app, they shouldn't share
> session cookies. You might also want to look at session.save_path
> which will allow each app to save their session files in a different
> location.
>
>   -robin
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux