[Resolved] 2 session issues

limeonade

I'm using sessions to password protect a few php pages and there are a few problems I want to clear up and I'm hoping someone can help.

I have 3 password protected pages. 2 are using the same password and the third is a different one (2 different password protected areas in total).
The problem: when I log off of one area, I destroy the session and that also destroys the other password protected area. How do I make it only destroy the session for it's own area.
In one of my password protected areas I have links to unprotected pages. PHP automatically appends the session id to the link.
The problem: This is not W3C valid (XHTML). Since it is a link to a non-protected page I do not want it to append the session id. Is there any way to deal with that?[/list=1]

Cailean

1) I think if you use two password variables in the session array and unset them individually rather than destroying the session, you will be able manage two protected areas.

// when setting the passwords (not necessarily together)
$_SESSION['pass1']=$pass1;  // area 1
$_SESSION['pass2']=$pass2;  // area 2

// when loggin out from area 1:
session_unset($SESSION['pass1']);

// area 2 should still still be accessible - you could put in a line to destroy the session if BOTH password variables are empty - just to be on the safe side.

2) I think the solution here is to just include the session_start() on all pages including the unprotected ones - just don't require the presence of any $_SESSION variables and it will be viewable by everyone while maintaining the session for logged in users.

limeonade

1) I think if you use two password variables in the session array and unset them individually rather than destroying the session, you will be able manage two protected areas.

If I set them with different session ids would that make them 2 different sessions?

Cailean

ok, forget what I said about passwords in the $_SESSION variable... that doesn't make much sense (I'm not getting nearly enough sleep these days!)...

what you want to do is when a user logs into protected area #1, set a session variable like: $_SESSION['access1']='logged in'

In each of the protected pages in area1, only display the content if $_SESSION['access1']=='logged in', else give a 'you must log in' message.

Same goes for access area #2.

When the user logs out of area #2, either unset $_SESSION['access2'] or change its value to 'logged out'.

limeonade

Makes sense to me =) thanks for your help.
By the way, do you go to school in Waterloo? It's known as university town, no?

Cailean

With two Universities on the same block, it really can't be anything BUT a university town.

I'm at Wilfrid Laurier... for just a few more weeks!