Re: Session contamination?

Ben Liu wrote:
Hi Dave,

Thanks, I think the method recommended by Robin using the function
ini_set() would work, but somehow I think this could be done in
simpler fashion by setting separate session names for each app, unless
I am misunderstanding the use of session_name(). Trying this out
now...

passing a different/unique value to session_name() should avoid inadvertent
contamination.
[http://php.net/manual/en/function.session-name.php]

Robin's second suggestion of setting the save path can be done with
session_save_path() as well as via ini_set().
[http://php.net/manual/en/function.session-save-path.php]

Robin's first suggestion is the one I would implement first, you can set the
[url]path for which a given session is valid by way of the session_set_cookie_params()
function, the path can also be set via ini_set('session.cookie_path', '/my/app/example')

note that session_name() and session_save_path() must be called before you
call session_start()

I recommend going through the info at http://php.net/manual/en/ref.session.php
in order to get a better 'feel' of how to use sessions 'properly'


- Ben

On 4/20/06, Dave Goodchild <buddhamagnet@xxxxxxxxx> wrote:

You can use ini_set to alter this value locally (until the script exits) in
the script itself, which saves having to use a separate ini file if that is
the only value you want to change.


On 20/04/06, Ben Liu <blzabub8@xxxxxxxxx> wrote:

Thanks for the response Robin, I'm reading up on session.cookie_path
now. It seems that this would require creating separate php.ini files
for each application.

On 4/20/06, Robin Vickery <robinv@xxxxxxxxx> wrote:

On 20/04/06, Ben Liu <blzabub8@xxxxxxxxx> wrote:

Hello All,

I'm using a single development server to host multiple client
projects, many of which require session management. I've noticed that
sometimes when I test these various web apps (which are simply in
separate sub directories) I get session leakage where logging in and
establishing a session on one app allows me access to (automatically
logs me in) to other app(s) on the same server. Or sometimes a session
variable will be set across all the apps, like $_SESSION['username'].

Is this due to the fact that sessions are established between client
browsers and servers, regardless of directory/sub directory?

Yes - that's the default behaviour, although if you set
session.cookie_path separately for each app, they shouldn't share
session cookies. You might also want to look at session.save_path
which will allow each app to save their session files in a different
location.

 -robin


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
http://www.web-buddha.co.uk
dynamic web programming from Reigate, Surrey UK

look out for project karma, our new venture, coming soon!



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
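
The three settings discussed in this thread (session name, save path, cookie path) combined in one bootstrap function. This is an added example, not part of any poster's message. The app id `acme`, the cookie path and the save root are assumed values, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example: per-application session isolation on a shared host.
declare(strict_types=1);

function start_isolated_session(string $appId, string $cookiePath, string $saveRoot): void
{
    // session_name() accepts only alphanumerics; the 'SESS' prefix used below
    // also guarantees the resulting name is not purely numeric.
    if (!ctype_alnum($appId)) {
        throw new InvalidArgumentException('app id must be alphanumeric');
    }

    // Separate storage per app: session files are named after the ID alone,
    // so with a shared directory an ID issued by one app also loads in another.
    $dir = rtrim($saveRoot, '/') . '/' . $appId;
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create session directory $dir");
    }

    // Everything from here to session_start() must run before it.
    session_name('SESS' . $appId);
    session_save_path($dir);
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => $cookiePath,             // cookie is sent only under this path
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    if (!session_start()) {
        throw new RuntimeException('session_start() failed');
    }
}

// Bootstrap of a hypothetical app served from /clients/acme/ (assumed paths).
start_isolated_session('acme', '/clients/acme/', '/var/lib/php/sessions-dev');

// Defence in depth: tag the session with its app and discard a foreign one.
if (($_SESSION['app'] ?? 'acme') !== 'acme') {
    session_unset();
    session_regenerate_id(true);
}
$_SESSION['app'] = 'acme';
```

The cookie path only controls when the browser sends the cookie; the separate save directory is what keeps one app from loading another app's session data on the server side.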

