Re: sessions and expirations and isolations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



great exp. now I'm heading towards the
http://www.php.net/manual/en/session.configuration.php#ini.session.cookie_path.

you definitely deserved a good  chocolate cookie!

On Mon, Jan 16, 2012 at 6:38 PM, Stuart Dallas <stuart@xxxxxxxx> wrote:
> On 17 Jan 2012, at 02:21, Haluk Karamete wrote:
>
>> Well Stuart,
>>
>> When I said this
>>
>>> In ASP, I create a virtual app at the IIS server - assigning a virtual
>>> dir path to the app, and from that point on, any page being served
>>> under that virtual path is treated as an isolated ASP app and thus the
>>> sessions are kept isolated and not get mixed up by asp pages that do
>>> not live under that virtual app path.
>>
>> I did not mean that aspect of the business which you replied to.  I
>> did not mean that 2 user's session can get being mixed up. Of course,
>> neither PHP nor ASP would allow that and that's all thru the current
>> session cookie ID - which is nearly impossible to guess for somebody
>> else's session cookie ID for that session time.
>>
>> Instead, I was meaning something totally different. Sorry for not
>> being very clear about it. Here is another shot at it.
>>
>> Here, you are developing an app and the app is being developed under say
>> domain.com/app1/. Let's call this app APP_1
>> And this app got say 10 php files and these files use lots of some
>> session vars to pass some data from one another. That's the case for
>> APP_1.
>>
>> now you need a second app... which is totally different that APP_1.
>> And that is to be developed under say the same server as say
>> domain.com/APP_2/ and this one too has its 5 php files too.
>>
>> But there is nothing common between two apps.
>>
>> Now, ASP allows me to treat these apps ( APP_1 and APP_2 ) as two
>> separate apps ( virtual apps they call it ) and once I do that  ( and
>> that's thru the IS settings ), the sessions vars I store in APP_1 does
>> not get overwritten by the APP_2, even though they may or may not
>> share the ame names... With that,  I can set up a session var "Age" as
>> 43 right there in APP_1 and I can have another session variable in the
>> other app, still named as "Age" where I store age value as a string,
>> something like say  "middle-age". If I weren't create these virtual
>> apps at IIS, ASP would have overwritten the value 43 with the value
>> middle-age and vice versa back and forth.
>>
>> I'm trying to understand if the same flexibility is available or not with PHP.
>> I should be able to go the APP_1 and do a _SESSION dump and I should
>> see 10 session variables in there and then I should be able to go
>> APP_2 and there I should se only 8. That's the case with classic ASP.
>
> Of course. I did touch on this in my reply but I obviously wasn't verbose enough. Sessions are tied to an ID, and that ID is (usually) stored in a cookie. Therefore the cookie is what links a session to a user, and it's the limits on that cookie that determine the level of isolation.
>
> In the case you describe above, the default behaviour would be for both apps to share the session because the cookie would be set on domain.com with the default path of /. You can change the path with the session.cookie_path setting. See here for more details: http://www.php.net/manual/en/session.configuration.php#ini.session.cookie_path
>
> Basically, each app would need to use the ini_set function to set session.cookie_path to /APP_1 or /APP_2 accordingly, before calling session_start. That will effectively isolate the sessions for the two apps in the same way that virtual directories do in ASP.
>
> Hope that makes it clearer.
>
> -Stuart
>
> --
> Stuart Dallas
> 3ft9 Ltd
> http://3ft9.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux