Re: Different sessions, same client

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jan 23, 2011 at 11:45:30AM -0500, tedd wrote:

> At 11:02 AM +0000 1/23/11, Ashley Sheridan wrote:
> >On Sun, 2011-01-23 at 09:21 +0100, Thijs Lensselink wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> On 01/23/2011 07:33 AM, Paul M Foster wrote:
> >> > Storing any sort of login/auth data in cookies has regularly been
> panned
> >> > on this list. The preference seems to be to store whatever login/auth
> >> > information *must* be stored in the $_SESSION variable.
> >> >
> >> > Well and good. My problem, however, is that I have multiple
> applications
> >> > in different tabs running on the same server, which may all use
> the same
> >> > sub-variables, like "username". As a result, they run into each other.
> >> > One application will think I'm logged in when I'm not logged in to that
> >> > application, but to another in the same browser on the same box.
> >> >
> >> > So my question is how to prevent this using the standard PHP functions
> >> > relating to sessions. I'd like different applications in different tabs
> >> > on the same box/browser to have different sessions, so they don't share
> >> > data.
> >> >
> >> > Thoughts?
> >> >
> > > > Paul
> >
> >
> >You can of course use arrays in your session as well:
> >
> >$_SESSION['app_name'] = Array(
> >    'username' => 'John',
> >    'user_id' => 1234,
> >    'some other info' => 'another string',
> >);
> >
> >I use this on my localhost sometimes, as it can be easier running tests
> >and stuff than having to create a whole new host entry for it in my
> >config files!
> >
> >Thanks,
> >Ash
> 
> Paul:
> 
> Ash's method is a good one.
> 
> You might also consider using uniqid() to create a unique ID for your
> users and then use that ID for determining which user is which
> instead of using username.

Here's the problem: using Ash's method, it appears that all sessions
running on a given browser (different tabs) will be able to see all the
values from the other sessions. I may only *use* the values for my
payroll app, but I can also *see* the values for my customer app as
well.

The session_name() suggestion from the prior poster appears to force PHP
to issue a separate session ID for each application/tab. This way, the
each application/tab only sees the values applicable to it.

This actually takes on greater importance, in that I tend to put error
messages in the SESSION variable for display at the next page load. When
all the applications share the same session cookie, the error messages
tend to show up in the wrong applications. So I need each application to
see a different session, if possible.

Paul

-- 
Paul M. Foster
http://noferblatz.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux