On Thu, April 20, 2006 10:21 am, Ben Liu wrote:
> I'm using a single development server to host multiple client
> projects, many of which require session management. I've noticed that
> sometimes when I test these various web apps (which are simply in
> separate subdirectories) I get session leakage where logging in and
> establishing a session on one app allows me access (automatically
> logs me in) to other app(s) on the same server. Or sometimes a session
> variable will be set across all the apps, like $_SESSION['username'].
>
> Is this due to the fact that sessions are established between client
> browsers and servers, regardless of directory/subdirectory?
>
> What is the best way to avoid/prevent this problem? Should I be using
> specific Session IDs or Session names?

Yes, the server and the browser are using:
Domain Name
Path
SESSID (session_name + ID)

You could change any one of those to distinguish Session IDs.

The easiest would probably be:
http://php.net/session_name

Or you could just call it a "feature" like MS Passport... :-)

-- 
Like Music?
http://l-i-e.com/artists.htm
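
As an added example (not part of the original thread), one way to apply the reply's advice is a per-app bootstrap that changes the session name and the cookie path, and also gives each app its own session storage. It assumes PHP 7.3 or later; the helper name, app key and directory paths are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the thread): start a session that is scoped
 * to one app on a shared host. All names and paths below are assumptions.
 */
function start_app_session(string $app, string $urlPath, string $saveDir): void
{
    // session_name() accepts only alphanumerics and must not be all digits.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $app)) {
        throw new InvalidArgumentException("invalid app key: $app");
    }

    // 1. Session name: each app looks for its own cookie, not PHPSESSID.
    session_name('SESS' . $app);

    // 2. Path: the browser only sends the cookie under this app's directory.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => rtrim($urlPath, '/') . '/',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    // 3. Storage: a per-app directory, so an ID issued by one app does not
    //    resolve to a session file when presented to another app.
    if (!is_dir($saveDir) && !mkdir($saveDir, 0700, true)) {
        throw new RuntimeException("cannot create $saveDir");
    }
    session_save_path($saveDir);

    session_start();

    // 4. Defence in depth: tag the session with its owner and discard any
    //    session data that was not created by this app.
    if (($_SESSION['_app'] ?? $app) !== $app) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['_app'] = $app;
}

// Constructed usage for an app served from /clientA/ (call before any output).
start_app_session('clientA', '/clientA', sys_get_temp_dir() . '/sessions-clientA');
$_SESSION['username'] = 'demo'; // stored under clientA's session only
```

Changing only the session name or path separates the cookies, but with the default shared save path the session files are still keyed by ID alone, which is why the example also separates storage.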

-- 
PHP General Mailing List (http://www.php.net/)