great exp. now I'm heading towards the http://www.php.net/manual/en/session.configuration.php#ini.session.cookie_path. you definitely deserved a good chocolate cookie! On Mon, Jan 16, 2012 at 6:38 PM, Stuart Dallas <stuart@xxxxxxxx> wrote: > On 17 Jan 2012, at 02:21, Haluk Karamete wrote: > >> Well Stuart, >> >> When I said this >> >>> In ASP, I create a virtual app at the IIS server - assigning a virtual >>> dir path to the app, and from that point on, any page being served >>> under that virtual path is treated as an isolated ASP app and thus the >>> sessions are kept isolated and not get mixed up by asp pages that do >>> not live under that virtual app path. >> >> I did not mean that aspect of the business which you replied to. I >> did not mean that 2 user's session can get being mixed up. Of course, >> neither PHP nor ASP would allow that and that's all thru the current >> session cookie ID - which is nearly impossible to guess for somebody >> else's session cookie ID for that session time. >> >> Instead, I was meaning something totally different. Sorry for not >> being very clear about it. Here is another shot at it. >> >> Here, you are developing an app and the app is being developed under say >> domain.com/app1/. Let's call this app APP_1 >> And this app got say 10 php files and these files use lots of some >> session vars to pass some data from one another. That's the case for >> APP_1. >> >> now you need a second app... which is totally different that APP_1. >> And that is to be developed under say the same server as say >> domain.com/APP_2/ and this one too has its 5 php files too. >> >> But there is nothing common between two apps. >> >> Now, ASP allows me to treat these apps ( APP_1 and APP_2 ) as two >> separate apps ( virtual apps they call it ) and once I do that ( and >> that's thru the IS settings ), the sessions vars I store in APP_1 does >> not get overwritten by the APP_2, even though they may or may not >> share the ame names... With that, I can set up a session var "Age" as >> 43 right there in APP_1 and I can have another session variable in the >> other app, still named as "Age" where I store age value as a string, >> something like say "middle-age". If I weren't create these virtual >> apps at IIS, ASP would have overwritten the value 43 with the value >> middle-age and vice versa back and forth. >> >> I'm trying to understand if the same flexibility is available or not with PHP. >> I should be able to go the APP_1 and do a _SESSION dump and I should >> see 10 session variables in there and then I should be able to go >> APP_2 and there I should se only 8. That's the case with classic ASP. > > Of course. I did touch on this in my reply but I obviously wasn't verbose enough. Sessions are tied to an ID, and that ID is (usually) stored in a cookie. Therefore the cookie is what links a session to a user, and it's the limits on that cookie that determine the level of isolation. > > In the case you describe above, the default behaviour would be for both apps to share the session because the cookie would be set on domain.com with the default path of /. You can change the path with the session.cookie_path setting. See here for more details: http://www.php.net/manual/en/session.configuration.php#ini.session.cookie_path > > Basically, each app would need to use the ini_set function to set session.cookie_path to /APP_1 or /APP_2 accordingly, before calling session_start. That will effectively isolate the sessions for the two apps in the same way that virtual directories do in ASP. > > Hope that makes it clearer. > > -Stuart > > -- > Stuart Dallas > 3ft9 Ltd > http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
