This has been a very interesting discussion, as I have had the same
"problem," but never thought much about the fact that I could do
anything about it.
As to session save path, when I run phpinfo (at my remote Linux server)
it tells me that it is set to "no value." This means it would default to
/tmp. Where is this tmp directory? I have looked at the tmp directory
that is one level above my site's www directory (outside of the web
space), but I do not see any session data there. That's why I am asking
if it is a system wide directory, or is it the one in my home directory.
If I set the path myself, what would be a good location? (I assume it
should be outside the web space). Should I make up some random folder
name (one time) and story my session data within that directory, within
my own home directory?
Ben Liu wrote:
Hello All,
I'm using a single development server to host multiple client
projects, many of which require session management. I've noticed that
sometimes when I test these various web apps (which are simply in
separate sub directories) I get session leakage where logging in and
establishing a session on one app allows me access to (automatically
logs me in) to other app(s) on the same server. Or sometimes a session
variable will be set across all the apps, like $_SESSION['username'].
Is this due to the fact that sessions are established between client
browsers and servers, regardless of directory/sub directory?
What is the best way to avoid/prevent this problem? Should I be using
specific Session ID's or Session names?
Thanks for any help,
- Ben
--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
Integrity is obvious.
The lack of it is common.
*****************************
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
