"Gaylen Fraley" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I am experiencing a problem of trying to run several variants of the same
> code and keep the sessions separate. Here is the scenario.
>
> I am launching all of this from a CMS. So, the CMS displays a page that
has
> 3 links on it. Link 1 is version A of an application, Link 2 version B,
> etc. The three links are all the same application but different builds,
in
> essence. They all have the same session control code. They each launch a
> new window, but the session variables are staying in the pool for each
link,
> which is not acceptable. When I call Link1 and then I call Link2, they
need
> to have an independent pool (session). I have tried to unregister,
> destroy, unset, to no avail.
>
> Is there a way, or am I out of luck? Hard coding is not an option, as the
> code has to be standard across all platforms and releases.
Sounds similar to a problem I had. I had a production site, and then in
a sub-directory below it, a testing/development site. The code was
essentially the same.
The problem was that a user could log in as an administrative user in
the testing system, then change their URL to the production site, and keep
their session from the testing site!
Obviously not acceptable. (grin)
My solution was to include a ChangedSite function that gets called on
every page access. When a user loggs in, the base address of the site is
stored in their session variable.
If they go to a different page, then the ChangedSite function will
detect it because the base sites are different. The session is destroyed,
and a security warning is thrown up.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
