1

I have a login system for /site, and /site/site-admin. My issue as of now is if I sign in on /site, /site/site-admin thinks you signed in as an admin (obviously an issue lol) I can't find any information on how to set the session only allowed to a directory, I've only found where to store the session data.

7
  • "I've only found where to store the session data": Same place (whatever that may be). Commented Nov 2, 2013 at 13:12
  • @geomagas You're referring to session_save_path ([ string $path ] ) ? Commented Nov 2, 2013 at 13:14
  • No, I'm referring to $_SESSION itself. Commented Nov 2, 2013 at 13:14
  • But my question is, how do I lock the $_SESSION data for /site to /site only, and /site/site-admin's respectively. Commented Nov 2, 2013 at 13:15
  • You simply don't need to. You're falling into a XY problem here. dir_I_logged_into is a session pareameter, isn't it? Commented Nov 2, 2013 at 13:17

1 Answer 1

3

What about using session_name() to create two different sessions for /site and /site/site-admin?

Simply call session_name("<sitename>") before you open your site session, and session_name("<sitename>-admin") before you open your session in the admin panel. Then you have two different session-cookies, session-ids and session-data for your two sites.


Edit:

If you need to share session data between /site and /site/site-admin, you might need another solution. In this case, store your data in $_SESSION['site'] instead of $_SESSION (or $_SESSION['site-admin'] resp.). For example: $_SESSION['site']['logged_in'] = true;

In this case, both sites share the same session, but do not access the same session data. Common data can be stored in any other array key ($_SESSION['common'] for example). But be aware: In this case the pure existance of a session does not mean that you are logged in or authorized.

Sign up to request clarification or add additional context in comments.

6 Comments

How about common session data?
What do you mean? Do you need to store data in your session that can be accessed by both /site and /site/site-admin?
Me? no, it's not my question. But the OP might. Or, most importantly, someone who bumps into this seeking a decent answer to a similar problem.
Ok. If somebody needs to share data between sessions, read my second suggested method (edited in my answer).
Much better. IMHO and just for the record, your edit should be your original answer, as it covers all cases in a much more consistent way. +1 nevertheless, but only for the second part.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.