Page 1 of 1

unique session for a given site

Posted: Tue Feb 14, 2006 9:08 am
by ed209
Hi,

I develop various sites with log in areas. I test them all on my Mac and when time is short I grab a login area from one project and use it in the next.

I've noticed that unless I log out of each site before developing / testing the next, I get the old session variables getting mixed up. i.e. $_SESSION['user'] is the same session variable name for site A and site B.

What I'd like to be able to do is make sure that sessions are only referred to for a particular site. As all my locally running sites are all at the same IP I think the sessions are getting muddled.

Any ways round this ? Will this be a problem in the real world if someone visits 2 sites that I've made, however unlikely?


Thanks,
Ed.

Posted: Tue Feb 14, 2006 9:11 am
by feyd
when the server is localhost, set the session to have the path of this particular project.

$_SERVER['HTTP_HOST']
session_set_cookie_params()

Posted: Tue Feb 14, 2006 9:29 am
by ed209
I've just tried this and it doesn't seem to work. I'm not sure I get it!

I've created 2 folders on localhost. The folders named differently, with the variable $path_to_session set appropriately to each folder, but with the same session variable.

Echoing the session variable outputs the same text - although it should be different, depending on which url I go to.

Code: Select all

<?php

$path_to_session = $_SERVER['HTTP_HOST']."/~uName/theSiteFolder/";
session_set_cookie_params (0, $path_to_session);

session_start();

$_SESSION['test'] = (isset($_SESSION['test'])) ? $_SESSION['test'] : 'SomeValue' ;

echo $_SESSION['test'];


?>

Posted: Tue Feb 14, 2006 9:32 am
by feyd
unless your url is: http://hostname/hostname/~uName/theSiteFolder that won't work.

remove your concatenation of HTTP_HOST.

Posted: Tue Feb 14, 2006 10:15 am
by ed209
Thanks feyd, that's working now.

Is it something I should carry over to the live site also. I'm not sure if I should just use $_SESSION or if I should customise the session for any give site (as you've explained with session_set_cookie_params()).

Posted: Tue Feb 14, 2006 10:29 am
by feyd
I'd make the code specific to your site, but write it such that moving to another site will not really harm it, although it may need changing if they have sessions from other parts of the server. Alternately, you could change the name of the session, or create your own form of sessions.

Posted: Tue Feb 14, 2006 11:48 am
by josh
Couldn't you just use a different sessionID name for each site on the host?

Instead of the default PHPSESSID of whatever do MYSITEA and MYSITEB