On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:
> On Wed, Jul 22, 2009 at 3:24 AM, L.Guruprasad <lgp171...@gmail.com> wrote:
> > Hi,
> > Floyd Resler wrote:
> >
> >> Keep in mind that sessions are based on the domain.  I've run into
> >> situations where someone will be working in several different sites that we
> >> host.  Each site is accessed via http://domain/site.  Each site has it's
> >> own database, users, etc.  However, because they all hang off the same
> >> domain, they get one session.  That can really mess things up for the users
> >> as they go from site to site.  I got around this by using MySQL-based
> >> sessions.  It keeps things nice and separated.
> >>
> >> Take care,
> >> Floyd
> >>
> >
> > Will this be causing issues when http://1.a.b and http://2.a.b are the two
> > PHP sites running on the same web server using virtualhosts?
> >
> As Floyd suggested keeping your sessions in the DB will give you better
> session management and security as well.

Why would putting the session data in a database offer more security?
I'm not meaning to try and poke holes in your idea, I genuinely don't
know the answer!


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to