On 17 Jan 2012, at 02:21, Haluk Karamete wrote:

> Well Stuart,
> When I said this
>> In ASP, I create a virtual app at the IIS server - assigning a virtual
>> dir path to the app, and from that point on, any page being served
>> under that virtual path is treated as an isolated ASP app and thus the
>> sessions are kept isolated and not get mixed up by asp pages that do
>> not live under that virtual app path.
> I did not mean that aspect of the business which you replied to.  I
> did not mean that 2 user's session can get being mixed up. Of course,
> neither PHP nor ASP would allow that and that's all thru the current
> session cookie ID - which is nearly impossible to guess for somebody
> else's session cookie ID for that session time.
> Instead, I was meaning something totally different. Sorry for not
> being very clear about it. Here is another shot at it.
> Here, you are developing an app and the app is being developed under say
> domain.com/app1/. Let's call this app APP_1
> And this app got say 10 php files and these files use lots of some
> session vars to pass some data from one another. That's the case for
> APP_1.
> now you need a second app... which is totally different that APP_1.
> And that is to be developed under say the same server as say
> domain.com/APP_2/ and this one too has its 5 php files too.
> But there is nothing common between two apps.
> Now, ASP allows me to treat these apps ( APP_1 and APP_2 ) as two
> separate apps ( virtual apps they call it ) and once I do that  ( and
> that's thru the IS settings ), the sessions vars I store in APP_1 does
> not get overwritten by the APP_2, even though they may or may not
> share the ame names... With that,  I can set up a session var "Age" as
> 43 right there in APP_1 and I can have another session variable in the
> other app, still named as "Age" where I store age value as a string,
> something like say  "middle-age". If I weren't create these virtual
> apps at IIS, ASP would have overwritten the value 43 with the value
> middle-age and vice versa back and forth.
> I'm trying to understand if the same flexibility is available or not with PHP.
> I should be able to go the APP_1 and do a _SESSION dump and I should
> see 10 session variables in there and then I should be able to go
> APP_2 and there I should se only 8. That's the case with classic ASP.

Of course. I did touch on this in my reply but I obviously wasn't verbose 
enough. Sessions are tied to an ID, and that ID is (usually) stored in a 
cookie. Therefore the cookie is what links a session to a user, and it's the 
limits on that cookie that determine the level of isolation.

In the case you describe above, the default behaviour would be for both apps to 
share the session because the cookie would be set on domain.com with the 
default path of /. You can change the path with the session.cookie_path 
setting. See here for more details: 

Basically, each app would need to use the ini_set function to set 
session.cookie_path to /APP_1 or /APP_2 accordingly, before calling 
session_start. That will effectively isolate the sessions for the two apps in 
the same way that virtual directories do in ASP.

Hope that makes it clearer.


Stuart Dallas
3ft9 Ltd
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to