On Sun, Jan 23, 2011 at 11:45:30AM -0500, tedd wrote: > At 11:02 AM +0000 1/23/11, Ashley Sheridan wrote: > >On Sun, 2011-01-23 at 09:21 +0100, Thijs Lensselink wrote: > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> On 01/23/2011 07:33 AM, Paul M Foster wrote: > >> > Storing any sort of login/auth data in cookies has regularly been > panned > >> > on this list. The preference seems to be to store whatever login/auth > >> > information *must* be stored in the $_SESSION variable. > >> > > >> > Well and good. My problem, however, is that I have multiple > applications > >> > in different tabs running on the same server, which may all use > the same > >> > sub-variables, like "username". As a result, they run into each other. > >> > One application will think I'm logged in when I'm not logged in to that > >> > application, but to another in the same browser on the same box. > >> > > >> > So my question is how to prevent this using the standard PHP functions > >> > relating to sessions. I'd like different applications in different tabs > >> > on the same box/browser to have different sessions, so they don't share > >> > data. > >> > > >> > Thoughts? > >> > > > > > Paul > > > > > >You can of course use arrays in your session as well: > > > >$_SESSION['app_name'] = Array( > > 'username' => 'John', > > 'user_id' => 1234, > > 'some other info' => 'another string', > >); > > > >I use this on my localhost sometimes, as it can be easier running tests > >and stuff than having to create a whole new host entry for it in my > >config files! > > > >Thanks, > >Ash > > Paul: > > Ash's method is a good one. > > You might also consider using uniqid() to create a unique ID for your > users and then use that ID for determining which user is which > instead of using username.
Here's the problem: using Ash's method, it appears that all sessions running on a given browser (different tabs) will be able to see all the values from the other sessions. I may only *use* the values for my payroll app, but I can also *see* the values for my customer app as well. The session_name() suggestion from the prior poster appears to force PHP to issue a separate session ID for each application/tab. This way, the each application/tab only sees the values applicable to it. This actually takes on greater importance, in that I tend to put error messages in the SESSION variable for display at the next page load. When all the applications share the same session cookie, the error messages tend to show up in the wrong applications. So I need each application to see a different session, if possible. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php