Sessions for different webs in same server

hkucsis

Hi,

I have serveral websites hosted in the same server (Tru64 + PHP 4.3.x + Apahce 1.3.27):

web1 - http://www.abc.com/app1/
web2 - http://www.abc.com/app2/
....

All websites will use session. My problem is the session variables set in web1 are visible in web2.

How can I avoid this?

Thanks for your time.

Michael

LordShryku

unset them...

hkucsis

Originally posted by LordShryku
unset them...

Thanks for your prompt reply.

The users may be browsing more then 1 web at the same time. Unset the session variables will cause problem in the other websites in the same server.

LordShryku

In that case, I'd suggest using different naming based on app. The session vars would still be there, but you wouldn't be using them, so it shouldn't matter.
eg.

# On app1
$_SESSION['app1']['var'] = value;

# On app2
$_SESSION['app2']['var'] = value;

hkucsis

Originally posted by LordShryku
In that case, I'd suggest using different naming based on app. The session vars would still be there, but you wouldn't be using them, so it shouldn't matter.
eg.
# On app1
$_SESSION['app1']['var'] = value;

# On app2
$_SESSION['app2']['var'] = value;
[/B]

Thanks. It can solve my problem.

As an alternative, is there an setting in apahce or php that can separate the sessions for different folders, as that server is shared by many users, I can't control how the others use session variables?

LordShryku

The sessions are handled by php, and I don't think there's a setting for that. You could write a new session handler though, if you were feeling frisky. Or search the net for one. There's tons out there for using a database to control your sessions, and I don't think it would be that hard to put this type of functionality in there.

pdaoust

or you could call session_name() at the beginning of each page (before you call session_start() -- this will not work if your PHP server is set to automatically start sessions). This sets the cookie name of the session, so you can have individually-named session cookies.

In app 1:

session_name('app1');
session_start();

In app 2:

session_name('app2');
session_start();

pdaoust

(p.s. I forgot to say: the session's cookie name is indeed set internally by PHP through php.ini's session.name directive. session_name() allows you to override that default.)

MarkR

What you really want to do is to set a session files path on the two apps such that they are different, and ideally not readable by the other app.

I am assuming this is for security. You can enable safe_mode and ensure that neither app can read the other's directory (by setting the params inside the Apache vhost config). Likewise, set the session_save_dir or whatever it's called, to these two directories.

Mark