Page 1 of 1

Old Session variables visible after new Session started

Posted: Tue Jun 09, 2009 10:08 pm
by noblegas
Hello,
I am using the same computer to develop several web apps at the same time and I am finding that my code below, executed in my one application will display SESSION data from a previous SESSION to another application I haven't used for hours. :banghead:

Code: Select all

if (isset($_SESSION)){
    print_r($_SESSION);
    return;
} else {
    echo 'no SESSION';
    return;
}
I am hoping someone has an answer because I want to feel sane again. :crazy:

Re: Old Session variables visible after new Session started

Posted: Wed Jun 10, 2009 1:23 am
by AlanG
The default time a session lasts is 180 minutes (3 hours). You can set session_cache_expire to overwrite this with a value that is more convenient. You can also run session_destroy to unset all session variables (including the session id, assuming the session id is dependant on the session).

Re: Old Session variables visible after new Session started

Posted: Wed Jun 10, 2009 10:26 am
by noblegas
AlanG

Thanks for your help. Before I create any headers or output I execute the following code
// * Config.php
session_save_path(SESS);
session_name(SESS_NAME);
$iHours = 2 * 60 * 60;
session_set_cookie_params($iHours,'/');
@ini_set('session.use_trans_sid', false);
@ini_set("session.use_cookies", "1");
@ini_set("session.use_only_cookies", "1");

// * index.php
session_start();
session_regenerate_id();

config.php is required_once() at the top of inde.php, and my design is switch boarded through index.php so that session_start and session_regenerate_id are called each time you request a page from the website (index.php?x=page_requested).

Since I am defining different folders to store the session information in I am still wondering why I am getting session data from a different application run on the same server when I execute print_r($_SESSION).

How am I handling SESSIONS wrong?

Re: Old Session variables visible in new Session started[SOLVED]

Posted: Wed Jun 10, 2009 11:25 am
by noblegas
Ok I found a solution.

What I did was correctly use session_save_path('myPathToSessionFolder'); before calling session_start();. I installed this logic into both web apps and the accessing of session data from the first app by the second app is now solved because they use different folders to save sessions.

This does not explain to me why I could see different session data, possibly because of sessionid in cookies, but I don't know for sure.

I think my decision to control the location for session data into separate folders for each application is more secure anyway.

Thanks for the help