Thanks for the response Robin, I'm reading up on session.cookie_path now. It seems that this would require creating separate php.ini files for each application. On 4/20/06, Robin Vickery <robinv@xxxxxxxxx> wrote: > On 20/04/06, Ben Liu <blzabub8@xxxxxxxxx> wrote: > > Hello All, > > > > I'm using a single development server to host multiple client > > projects, many of which require session management. I've noticed that > > sometimes when I test these various web apps (which are simply in > > separate sub directories) I get session leakage where logging in and > > establishing a session on one app allows me access to (automatically > > logs me in) to other app(s) on the same server. Or sometimes a session > > variable will be set across all the apps, like $_SESSION['username']. > > > > Is this due to the fact that sessions are established between client > > browsers and servers, regardless of directory/sub directory? > > Yes - that's the default behaviour, although if you set > session.cookie_path separately for each app, they shouldn't share > session cookies. You might also want to look at session.save_path > which will allow each app to save their session files in a different > location. > > -robin > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
