Sessions help

Okkie

I have a problem with sessions on 2 different sites. I created those sites myself. The problem is when i login on 1 of those and then just exit windows explorer. And later on return to the other site i'm logged in there with my username but the username doesn't exists on that site. So I think on some way the variables are passed between both of the sites.

Setup,

Sites on same server
I'm after the same pc when i have the problem (but the problem appears on more computers)
Same variables used in the sessions on both sites
I don't use session_name()

if i need to use session_name() plz help me out 😃

stolzyboy

you should probably post some of your code where you think the problem lies, that will make it much easier for us to help you

keith73

Are you passing the session id via url or cookie?
Are these sites subdomains of the same domain name? i.e. site1.example.com and site2.example.com or are they separated domains altogether i.e. example1.com and example2.com ?

and as stated by stolzyboy, please post some code. specifically the code that deals directly with the session management.

keith

Okkie

Mhh if i knew where the problem was 😃

I use:

session_start()

then i get login and put it in the session like this

$SESSION['userid'] = "1";
$SESSION['username'] = "jack";
$_SESSION['admin'] = "yes";

And the other pages get the info like this (example):

echo ($_SESSION['username']);

The problem is that the other site reads out the same info even if the explorer window is closed.
So when i go to the other site i see jack logged in. But the user doesn't even exists on the other site.

register_globals = on

The weird thing is that this is not always the case.

I don't pass session_ids, should I

stolzyboy

are you checking for logged sessions with an if condition, are you sure that condition is set up correctly?

Okkie

yes like this

if (isset($_SESSION['userid'])) {

}

if ($_SESSION['admin'] == "yes") {

}

But do I have to pass the session ids and how?

keith73

if you aren't seeing the session IDs in the url than chances are you are setting a cookie. IF the 2 sites are using the same domain name (but subdomains) then that's where the problem is.

if you set the cookie on site1.mydomain.com then go to site2.mydomain.com and the session cookie is set from *.mydomain.com then it will work anywhere.

Also, you don't seem to be checking the username, just the userid. If a userid exists on both sites, then it will be valid. The session already contains the username, and if you aren't checking it then it will just use that as the username.

example.

I login to site1 as jack, userid=15.
on site2 userid 15 is actually jill.

based on your session code, if I go to site 2, it will check to see if userid is set, say ok, your valid and will let me in.

I think you need to show us complete code for your authentication process and where you set the sessions then where you check them.

I'll reiterate my original question, are these 2 sites just subdomains of the same parent domain or separate domains altogether?

keith

Okkie

Found the solution, it was the same domain thank you