NYCPHP Meetup

NYPHP.org

[nycphp-talk] $_SESSION, Logout, and Shared Host

Tim Lieberman tim_lists at o2group.com
Wed Nov 4 20:16:40 EST 2009 

It sounds like both applications are running on the same domain.  If  
that's not the case, something else is going on.

You have a couple of options, none of which might make you happy.

1) In your app, use a custom session name (session_name('MYSESSID')  
before you call session_start()).  You'll probably want to create a  
directory that the webserver can write to, and set session_save_path.

This should work nicely, unless you need to share session data with  
your colleage's appication.

If you do need both apps to access some shared session data,  you're  
stuck changing a bunch of references in code.  However, a global find/ 
replace to replace $_SESSION with $_SESSION['someKey'] will probably  
do the trick, and not be too painful.

Good luck.

-Tim



On Nov 4, 2009, at 6:54 PM, Christopher R. Merlo wrote:

> Hi.  I recently migrated my web app from my personal server to a  
> (*way* more powerful) shared server, where one of my colleagues also  
> hosts his app.  Both were written in PHP.  Due to neither one of us  
> having run into this before, if you are logged in to both apps at  
> the same time from the same browser (which happens; we share more  
> than a few students in common), and log out of one, you get logged  
> out of the other.  In my code, the logout routine is as follows:
>
> foreach( $_SESSION as $key=>$value ) {
>     unset( $_SESSION[ $key ] );
> }
>
> And his code is essentially the same (I think he might use a  
> session_destroy() or something).
>
> I know that if I add a layer to $_SESSION, like creating  
> $_SESSION[ 'my_app' ][ keys... ], and then only unset those upon  
> logout, I will prevent my students from logging out of any app other  
> than my own.  But that's a lot of code to change (not the logout  
> code, that's easy; but all the places I check to see if someone's  
> logged in) and besides, I imagine there has to be a better way.
>
> Please pretend that using a different physical or virtual server is  
> not possible, because it's essentially not (yay county budget!), so:  
> what's the PHP way to solve this problem?  Is there some way we can  
> namespace-ize our $_SESSION variables or something?
>
> Thanks,
> -Chris
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation

More information about the talk mailing list