Re: Session contamination?

Thanks Jochem, this should give me all I need to solve this problem. -Ben

On 4/20/06, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
> Ben Liu wrote:
> > Hi Dave,
> >
> > Thanks, I think the method recommended by Robin using the function
> > ini_set() would work, but somehow I think this could be done in
> > simpler fashion by setting separate session names for each app, unless
> > I am misunderstanding the use of session_name(). Trying this out
> > now...
>
> passing a different/unique value to session_name() should avoid inadvertent
> contamination.
> [http://php.net/manual/en/function.session-name.php]
>
> Robin's second suggestion of setting the save path can be done with
> session_save_path() as well as via ini_set().
> [http://php.net/manual/en/function.session-save-path.php]
>
> Robin's first suggestion is the one I would implement first, you can set the
> [url]path for which a given session is valid by way of the session_set_cookie_params()
> function, the path can also be set via ini_set('session.cookie_path', '/my/app/example')
>
> note that session_name() and session_save_path() must be called before you
> call session_start()
>
> I recommend going through the info at http://php.net/manual/en/ref.session.php
> in order to get a better 'feel' of how to use sessions 'properly'
>
> >
> > - Ben
> >
> > On 4/20/06, Dave Goodchild <buddhamagnet@xxxxxxxxx> wrote:
> >
> >>You can use ini_set to alter this value locally (until the script exits) in
> >>the script itself, which saves having to use a separate ini file if that is
> >>the only value you want to change.
> >>
> >>
> >> On 20/04/06, Ben Liu <blzabub8@xxxxxxxxx> wrote:
> >>
> >> Thanks for the response Robin, I'm reading up on session.cookie_path
> >>now. It seems that this would require creating separate php.ini files
> >>for each application.
> >>
> >>On 4/20/06, Robin Vickery < robinv@xxxxxxxxx> wrote:
> >>
> >>>On 20/04/06, Ben Liu <blzabub8@xxxxxxxxx> wrote:
> >>>
> >>>>Hello All,
> >>>>
> >>>>I'm using a single development server to host multiple client
> >>>>projects, many of which require session management. I've noticed that
> >>>>sometimes when I test these various web apps (which are simply in
> >>>>separate sub directories) I get session leakage where logging in and
> >>>>establishing a session on one app allows me access to (automatically
> >>>>logs me in) to other app(s) on the same server. Or sometimes a session
> >>>>variable will be set across all the apps, like $_SESSION['username'].
> >>>>
> >>>>Is this due to the fact that sessions are established between client
> >>>>browsers and servers, regardless of directory/sub directory?
> >>>
> >>>Yes - that's the default behaviour, although if you set
> >>>session.cookie_path separately for each app, they shouldn't share
> >>>session cookies. You might also want to look at session.save_path
> >>>which will allow each app to save their session files in a different
> >>>location.
> >>>
> >>>  -robin
> >>>
> >>
> >>--
> >>PHP General Mailing List (http://www.php.net/)
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >>
> >>--
> >>http://www.web-buddha.co.uk
> >>dynamic web programming from Reigate, Surrey UK
> >>
> >>look out for project karma, our new venture, coming soon!
> >
> >
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
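
The three settings discussed in the thread (session_name(), session_save_path() and the cookie path), combined into one per-application bootstrap that runs before session_start(). This is an added example, not code posted by anyone in the thread. The function name, app id, cookie path and save directory are hypothetical, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

/**
 * Start a session isolated to one application on a shared host.
 * Added example: function name, app ids and directories are hypothetical.
 */
function start_isolated_session(string $appId, string $cookiePath, string $saveRoot): void
{
    // session_name() accepts only alphanumerics and must not be all digits.
    if (!preg_match('/^(?=.*[A-Za-z])[A-Za-z0-9]{1,32}$/', $appId)) {
        throw new InvalidArgumentException('app id must be alphanumeric with at least one letter');
    }
    // All three settings must be applied before session_start().
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new LogicException('session already started; configure it first');
    }

    // Per-app directory: the files handler names files sess_<id> regardless of
    // the cookie name, so a shared save path lets an id from one app load in another.
    $dir = rtrim($saveRoot, '/') . '/' . $appId;
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create session directory: $dir");
    }

    session_name('SESS' . $appId);      // distinct cookie name per app
    session_save_path($dir);            // distinct storage per app
    session_set_cookie_params([
        'lifetime' => 0,                // cookie ends with the browser session
        'path'     => $cookiePath,      // browser sends it only under this path
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // Tag the session with its owner and refuse one created by another app.
    if (!isset($_SESSION['app'])) {
        $_SESSION['app'] = $appId;
    } elseif ($_SESSION['app'] !== $appId) {
        session_unset();
        session_destroy();
        throw new RuntimeException('session belongs to a different application');
    }
}

// Constructed sample values for an app served from /clientA/.
start_isolated_session('clientA', '/clientA/', '/var/lib/php/sessions');
```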


