I have a login system for /site, and /site/site-admin. My issue as of now is if I sign in on /site, /site/site-admin thinks you signed in as an admin (obviously an issue lol) I can't find any information on how to set the session only allowed to a directory, I've only found where to store the session data.
1 Answer
What about using session_name() to create two different sessions for /site and /site/site-admin?
Simply call session_name("<sitename>") before you open your site session, and session_name("<sitename>-admin") before you open your session in the admin panel. Then you have two different session-cookies, session-ids and session-data for your two sites.
Edit:
If you need to share session data between /site and /site/site-admin, you might need another solution. In this case, store your data in $_SESSION['site'] instead of $_SESSION (or $_SESSION['site-admin'] resp.). For example: $_SESSION['site']['logged_in'] = true;
In this case, both sites share the same session, but do not access the same session data. Common data can be stored in any other array key ($_SESSION['common'] for example). But be aware: In this case the pure existance of a session does not mean that you are logged in or authorized.
6 Comments
geomagas
How about common session data?
Markus Bauer
What do you mean? Do you need to store data in your session that can be accessed by both /site and /site/site-admin?
geomagas
Me? no, it's not my question. But the OP might. Or, most importantly, someone who bumps into this seeking a decent answer to a similar problem.
Markus Bauer
Ok. If somebody needs to share data between sessions, read my second suggested method (edited in my answer).
geomagas
Much better. IMHO and just for the record, your edit should be your original answer, as it covers all cases in a much more consistent way. +1 nevertheless, but only for the second part.
|
session_save_path ([ string $path ] )?$_SESSIONitself.dir_I_logged_intois a session pareameter, isn't it?