
I have a problem. I've created a web app where the person logs in and many $_SESSION[...] variables are set. The thing I found weird is that if I log in in the folder http://demo.site.com/ and I log in at http://webapp2.site.com, I get the session data mixed up between the two web apps...

This is the code in checkentry.php (which checks that the person is logged in before sending them to the main page):

<?php
session_start();
// Logged in only if the session flag is set and the "login" cookie matches the stored session id.
if (isset($_SESSION['autenticated']) && $_SESSION['autenticated'] == TRUE && isset($_COOKIE["login"]) && $_COOKIE["login"] == $_SESSION['ssnid']) {
    if (!isset($_SERVER['HTTPS'])) {
        //header('Location: https://'.$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].'');
    }
    return true;
} else {
    // Not logged in: remove the session row, expire the cookie and redirect to the login page.
    require_once("config.php");
    $logout_connect = mysql_connect($db_host, $db_user, $db_pass);
    if (!$logout_connect) {
        die('Impossibile connettersi: ' . mysql_error());
    } else {
        mysql_select_db($db_name, $logout_connect);
        mysql_query("DELETE FROM sessions WHERE ssnid = '".$_SESSION['ssnid']."' AND userid = '".$_SESSION['userid']."'");
        setcookie("login", "", time()-3600);
    }
    session_destroy();
    header("location: login.php?requested");
    exit; // stop here so the including page does not keep running after the redirect
}
?>

So the problem is that if I'm logged in to both web apps (and the same domain has many web apps in different folders), I get the $_SESSION data mixed.

[EDIT] When I log out from app1.site.com I get logged out from app2.site.com too...

What did I do wrong and how to fix it?

Tku

  • php.net/manual/en/function.session-save-path.php Commented Apr 7, 2013 at 11:35
  • Would you please explain it in more detail? What do you mean by mix up? Commented Apr 7, 2013 at 11:36
  • This question has some good insights on this problem: stackoverflow.com/questions/1064243/… Commented Apr 7, 2013 at 11:39
  • @nikparsa: Let's say in checklogin.php the password and user are correct; then many $_SESSION[...] are set (like: $_SESSION['name'] = "App One"), and when logging in to App2 the name is "App One" because they get mixed up... Commented Apr 7, 2013 at 12:09

1 Answer

1

You can use a pre-title for all session variables and change the pre-title in each web application.

APP1

$pre = "app1";
if(isset($_SESSION[$pre.'autenticated']) && $_SESSION[$pre.'autenticated'] == TRUE) {}

APP2

$pre = "app2";
if(isset($_SESSION[$pre.'autenticated']) && $_SESSION[$pre.'autenticated'] == TRUE) {}

$pre can be defined in config.php


4 Comments

Bravissimo! That's a good one. Tks, I'll try it and let you know. What about session_destroy()? Because if I log out from one I get logged out from the other one too as I get the session destroyed... P.S: Do you think this can cause a security issue?
You can use session_unregister($pre.'var1'); session_unregister($pre.'var2'); , ... to logout from each app.
OK, as I have MANY Session variables is there a way to do them all @ once? (perhaps session_unregister($pre.'*'); ???? )
Use this: foreach($_SESSION as $key => $value) if(substr($key,0,strlen($pre))==$pre) session_unregister($key);
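
The answer and comments above keep one shared session and namespace its keys. As an added example (not code from the question, the answer or the comments), the PHP below gives each app its own session cookie name so that session data and logout are isolated per app, and includes a prefix-scoped cleanup with unset() for the case where the session must stay shared. APP_ID, the SESS_ naming and the function names are assumptions.

```php
<?php
// Added example (not from the thread). APP_ID and the function names are
// hypothetical; APP_ID would normally be set in each app's config.php.
const APP_ID = 'app1'; // assumption: the second app uses 'app2'

// Start a session that belongs to this app only. A distinct cookie name means
// a distinct session ID, so the apps stop sharing one $_SESSION array.
function app_session_start(string $appId): void
{
    session_name('SESS_' . $appId);
    session_set_cookie_params([   // array form requires PHP 7.3+
        'lifetime' => 0,
        'path'     => '/',        // use the app's folder if apps share a host
        'secure'   => true,       // send the cookie over HTTPS only
        'httponly' => true,       // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Log out of this app: empty the data, expire the cookie, destroy the session.
// Other apps use other session names, so their logins are unaffected.
function app_logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Fallback when the apps must keep one shared session: drop only the keys
// carrying this app's prefix. unset() replaces session_unregister(), which
// was removed in PHP 5.4.
function clear_prefixed_keys(array &$session, string $prefix): int
{
    $removed = 0;
    foreach (array_keys($session) as $key) {
        if (strncmp((string) $key, $prefix, strlen($prefix)) === 0) {
            unset($session[$key]);
            $removed++;
        }
    }
    return $removed;
}

// Constructed sample data showing the prefix-scoped logout.
$sample = ['app1autenticated' => true, 'app1name' => 'App One', 'app2autenticated' => true];
echo clear_prefixed_keys($sample, 'app1'), " keys removed\n"; // the app2 key is left in place
```

With a shared session, a prefix such as app1 also matches the keys of an app whose prefix is app10, so end the prefix with a separator (for example app1_) if the prefix approach is kept.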
