Page 1 of 1
Session does not destroy itself
Posted: Mon Jun 30, 2003 4:21 am
by Tubbietoeter
Hi guys!
I have a web that contains a lot of php sites. On each site I included session_start(), so that every one of that sites can access session vars.
As far as I am informed, if a user accesses a site that has no session_start() at the beginning, the session is destroyed.
Not here. The user leaves the web and returns to it, but the contents of the session variables are still there.
How can I have the session destroyed on exit of the web?
Thanks,
Steff
Posted: Mon Jun 30, 2003 4:24 am
by fatal
Usally sessions are destroyed when the brower closes, also theres session_destroy.
http://www.php.net/session_destroy
Posted: Mon Jun 30, 2003 4:29 am
by fatal
Also if you wanna see what i mean....
Go Here:
http://bleedingday.com/bd3/ (not finished)
You'll have to sign-up, then login. Its session based auth.
Once you are logged in, close the brower, then go back. You shouldnt be logged in when you go back.
I'll also glady delete you from my database if you want to.
Posted: Mon Jun 30, 2003 4:34 am
by Tubbietoeter
Oops your right ... should have read what session_start() does really do ...
Ehm but if you have several webs that have sessions, do they all use the same session?
In this case I maybe should prefix my variable names.
Or should I use session_name() ?
Posted: Mon Jun 30, 2003 4:38 am
by fatal
You can use mulit sessions vars... In my validation function I set:
Code: Select all
$_SESSION["user_name"] = $user_name;
$_SESSION["privs"] = $privs;
echo"You successfully logged in.";
And Thats all.
The you would call it the same way:
Code: Select all
<?php
echo $_SESSION['user_name'];
echo $_SESSION['privs'];
?>
Posted: Mon Jun 30, 2003 4:44 am
by Tubbietoeter
Yes but what if another web uses session vars with the same name, which I use in my session, and the session has not been destroyed when the user leaves my web and enters the other?
Posted: Mon Jun 30, 2003 4:49 am
by fatal
I really dont know what would happen, but also i dont think its that likely to happen.
Posted: Mon Jun 30, 2003 4:52 am
by Tubbietoeter
Well $_SESSION['user_name'] is not an uncommon variable name ...
so thats why I worry.
if a user logs in on my site and i set $_SESSION['user_name']=$user_name and he logs onto another site using $_SESSION['user_name'], the variable is already set, right?
Posted: Mon Jun 30, 2003 4:55 am
by fatal
Well, try it out aganist my site and see what happens. Im interest to see what happenes, if anything at all.
Posted: Mon Jun 30, 2003 5:03 am
by Tubbietoeter
if it was for private use i wouldn't care but i get paid for this stuff.
so i should try to work out all odds.
probably nothing will happen with your site, but thats not the problem here.
thanks a lot though ... ;o)
Posted: Mon Jun 30, 2003 5:04 am
by fatal
Anytime buddy.
Posted: Mon Jun 30, 2003 5:15 am
by twigletmac
The session will be for your site - i.e. it won't be taken over by another web site when they leave yours.
Mac
Posted: Mon Jun 30, 2003 5:56 am
by Tubbietoeter
@twigle
how does php know what is my web and which is an other?
for example i got two webs on my webserver
/www/web1
/www/web2
and each one has multiple php sites in different sub-folders
how does php determine what belongs to one web and what to another?
i guess I'm gonna use session_name() just in case ...
Posted: Mon Jun 30, 2003 6:21 am
by twigletmac
Do your sites share the same URL?
Mac
Posted: Mon Jun 30, 2003 6:56 am
by Tubbietoeter