RE: [PHP] Different sessions, same client
> -Original Message- > From: Donovan Brooke [mailto:li...@euca.us] > Sent: Monday, January 24, 2011 7:49 AM > Cc: php-general@lists.php.net > Subject: Re: [PHP] Different sessions, same client > > [snip] > > > session_name(uniqid()); > > session_start(); > > echo session_id(); > > ?> > > > > YAY! it worked!! > > > > so then i tried this: > > > session_name(uniqid()); > > session_start(); > > $_SESSION['t_'. time()] = time(); > > echo session_id(); > > echo ''; > > print_r($_SESSION); > > echo ''; > > ?> > > > > and it doesn't preserve the older session information... so I must be > > doing something wrong. I can assume that because the name is being > > regenerated new each time, that the old "previous" session is > > destroyed (which would make sense) but then how can *I* ensure that > > each session is going to be unique enough, but preserve "old" session > > information too? > > > > I know it has to be possible, as my bank doesn't allow multiple tabs > > while online banking. > > > > /sigh the joys of protecting users from themselves... > > > Hello, > What seems to be missing from this thread is talk about the root of the > problem. You would never want to create the same cookie name for alike > web-apps for the very reason Paul has discovered. Session_name works > because it changes the name of the PHP session cookie. This is important for > CMS builders, Forum builders, or other app builders etc.. > That's exactly part of the 1st point of 3 points I've described in another thread. We don't exactly know the current/future requirements of the business, the different apps being used, who developed those apps, in what way are each app's data need be interconnected/shared, etc. So we can only give suggestions based on limited info disclosure for whatever the reason maybe, perhaps security or something else. Regards, Tommy > Paul mentions: > "Storing any sort of login/auth data in cookies has regularly been panned on > this list. The preference seems to be to store whatever login/auth > information *must* be stored in the $_SESSION variable." > > Well, there are only 2 ways that I know of to retain *state* in a web app (no > matter what web server-side language you are working with), which are > cookies or passing a variable in all links... so I would re-phrase Paul's > statement above to say, to retain state, there is > *always* some reference to login data (whether direct or indirect > (encrypted)), but right, it's not a good idea to store AUTH info. > > Extending Tedd's suggestion, Instead of a unique ID for a session name > (most often session *cookie*), I really prefer a hash of something that > results in a recognizable cookie name over something random. In my > opinion only, it is a bit shady to create a cookie that is unrecognizable. At > the least, when I am managing my own cookies, I will delete "wierd" cookie > names. What I usually do for sessions is create a cookie name that is based > on the domain, and also lists the word "session"... so a format something > like: > > _session > > A format such as above lets the user know right away where the cookie > comes from and what it does. I would post code, but I haven't written the > hash in PHP yet. > > One last note about this hash, I always include a default to the IP address in > the case of development, or if the site does not have a domain name. > > Oh, and one last last note, Accessing a web app with localhost does not > work well with cookies either.. so in my hash, I redirect those who access > my app from "localhost" to the localhost IP (127.0.0.1) right away. > > I know that last part is a bit complicated, but I help write the hash if the > list > is interested. I was really surprised to find no mention of this on the PHP's > examples of sessions. > > Sorry for the long post! > > Donovan > > > > -- > D Brooke > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
[snip] YAY! it worked!! so then i tried this: '; print_r($_SESSION); echo ''; ?> and it doesn't preserve the older session information... so I must be doing something wrong. I can assume that because the name is being regenerated new each time, that the old "previous" session is destroyed (which would make sense) but then how can *I* ensure that each session is going to be unique enough, but preserve "old" session information too? I know it has to be possible, as my bank doesn't allow multiple tabs while online banking. /sigh the joys of protecting users from themselves... Hello, What seems to be missing from this thread is talk about the root of the problem. You would never want to create the same cookie name for alike web-apps for the very reason Paul has discovered. Session_name works because it changes the name of the PHP session cookie. This is important for CMS builders, Forum builders, or other app builders etc.. Paul mentions: "Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable." Well, there are only 2 ways that I know of to retain *state* in a web app (no matter what web server-side language you are working with), which are cookies or passing a variable in all links... so I would re-phrase Paul's statement above to say, to retain state, there is *always* some reference to login data (whether direct or indirect (encrypted)), but right, it's not a good idea to store AUTH info. Extending Tedd's suggestion, Instead of a unique ID for a session name (most often session *cookie*), I really prefer a hash of something that results in a recognizable cookie name over something random. In my opinion only, it is a bit shady to create a cookie that is unrecognizable. At the least, when I am managing my own cookies, I will delete "wierd" cookie names. What I usually do for sessions is create a cookie name that is based on the domain, and also lists the word "session"... so a format something like: _session A format such as above lets the user know right away where the cookie comes from and what it does. I would post code, but I haven't written the hash in PHP yet. One last note about this hash, I always include a default to the IP address in the case of development, or if the site does not have a domain name. Oh, and one last last note, Accessing a web app with localhost does not work well with cookies either.. so in my hash, I redirect those who access my app from "localhost" to the localhost IP (127.0.0.1) right away. I know that last part is a bit complicated, but I help write the hash if the list is interested. I was really surprised to find no mention of this on the PHP's examples of sessions. Sorry for the long post! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Different sessions, same client
> -Original Message-
> From: Steve Staples [mailto:sstap...@mnsi.net]
> Sent: Monday, January 24, 2011 6:31 AM
> To: Tommy Pham
> Cc: 'Paul M Foster'; php-general@lists.php.net
> Subject: RE: [PHP] Different sessions, same client
>
> On Sun, 2011-01-23 at 17:40 -0800, Tommy Pham wrote:
> > > -Original Message-
> > > From: Tommy Pham [mailto:tommy...@gmail.com]
> > > Sent: Sunday, January 23, 2011 5:23 PM
> > > To: 'Paul M Foster'
> > > Cc: 'php-general@lists.php.net'; 'Thijs Lensselink'
> > > Subject: RE: [PHP] Different sessions, same client
> > >
> > > > -Original Message-
> > > > From: Thijs Lensselink [mailto:d...@lenss.nl]
> > > > Sent: Sunday, January 23, 2011 12:21 AM
> > > > To: php-general@lists.php.net
> > > > Subject: Re: [PHP] Different sessions, same client
> > > >
> > > > -BEGIN PGP SIGNED MESSAGE-
> > > > Hash: SHA1
> > > >
> > > > On 01/23/2011 07:33 AM, Paul M Foster wrote:
> > > > > Storing any sort of login/auth data in cookies has regularly
> > > > > been panned on this list. The preference seems to be to store
> > > > > whatever login/auth information *must* be stored in the $_SESSION
> variable.
> > > > >
> > > > > Well and good. My problem, however, is that I have multiple
> > > > > applications in different tabs running on the same server, which
> > > > > may all use the same sub-variables, like "username". As a
> > > > > result, they run into
> > > > each other.
> > > > > One application will think I'm logged in when I'm not logged in
> > > > > to that application, but to another in the same browser on the same
> box.
> > > > >
> > > > > So my question is how to prevent this using the standard PHP
> > > > > functions relating to sessions. I'd like different applications
> > > > > in different tabs on the same box/browser to have different
> > > > > sessions, so they don't share data.
> > > > >
> > > > > Thoughts?
> > > > >
> > > > > Paul
> > > > >
> > > >
> > > >
> > > > Using session_name will allow you to run two different sessions in
> > > > the same browser.
> > > >
> > > > session_name('app1');
> > > > session_start();
> > >
> > > Paul,
> > >
> > > I'd would go with session_name($_SERVER['SCRIPT_NAME']) or
> > > session_name(substr($_SERVER['SCRIPT_NAME'], 0,
> > > strripos($_SERVER['SCRIPT_NAME'], '/')). My regex skills sucks so I
> > > can't give you a sample using regex. But you get the idea.
> > >
> > > It's easier to get a particular app's relevant data to the URL while
> > > not hard coding the session name, eventually giving your app(s) more
> > > flexibility especially if you may have multiple URLs mapped to an
> > > app serving different purposes/clients.
> > >
> > > Regards,
> > > Tommy
> >
> > Forgot to mention that this assumes your app's design is MVC like with a
> single point entry only.
> >
> >
>
> Hey guys...
>
> I too once tried this, basically so that I could stop users logging in on
> multiple tabs, and if they did, then it would kill the previous login (or not
> allow them to be logged in as they would be logged in still). I had so many
> issues, that I abandoned it.
>
> After reading this thread, I thought I would try Tommy's suggestion about
> using a unique named session... so I just tried this:
>
> session_name(uniqid());
> session_start();
> echo session_id();
> ?>
>
> YAY! it worked!!
>
> so then i tried this:
> session_name(uniqid());
> session_start();
> $_SESSION['t_'. time()] = time();
> echo session_id();
> echo '';
> print_r($_SESSION);
> echo '';
> ?>
>
> and it doesn't preserve the older session information... so I must be doing
> something wrong. I can assume that because the name is being
> regenerated new each time, that the old "previous" session is destroyed
> (which would make sense) but then how can *I* ensure that each session is
> going to be unique enough, but preserve "old" session information too?
>
> I know it
RE: [PHP] Different sessions, same client
On Sun, 2011-01-23 at 17:40 -0800, Tommy Pham wrote:
> > -Original Message-
> > From: Tommy Pham [mailto:tommy...@gmail.com]
> > Sent: Sunday, January 23, 2011 5:23 PM
> > To: 'Paul M Foster'
> > Cc: 'php-general@lists.php.net'; 'Thijs Lensselink'
> > Subject: RE: [PHP] Different sessions, same client
> >
> > > -Original Message-
> > > From: Thijs Lensselink [mailto:d...@lenss.nl]
> > > Sent: Sunday, January 23, 2011 12:21 AM
> > > To: php-general@lists.php.net
> > > Subject: Re: [PHP] Different sessions, same client
> > >
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA1
> > >
> > > On 01/23/2011 07:33 AM, Paul M Foster wrote:
> > > > Storing any sort of login/auth data in cookies has regularly been
> > > > panned on this list. The preference seems to be to store whatever
> > > > login/auth information *must* be stored in the $_SESSION variable.
> > > >
> > > > Well and good. My problem, however, is that I have multiple
> > > > applications in different tabs running on the same server, which may
> > > > all use the same sub-variables, like "username". As a result, they
> > > > run into
> > > each other.
> > > > One application will think I'm logged in when I'm not logged in to
> > > > that application, but to another in the same browser on the same box.
> > > >
> > > > So my question is how to prevent this using the standard PHP
> > > > functions relating to sessions. I'd like different applications in
> > > > different tabs on the same box/browser to have different sessions,
> > > > so they don't share data.
> > > >
> > > > Thoughts?
> > > >
> > > > Paul
> > > >
> > >
> > >
> > > Using session_name will allow you to run two different sessions in the
> > > same browser.
> > >
> > > session_name('app1');
> > > session_start();
> >
> > Paul,
> >
> > I'd would go with session_name($_SERVER['SCRIPT_NAME']) or
> > session_name(substr($_SERVER['SCRIPT_NAME'], 0,
> > strripos($_SERVER['SCRIPT_NAME'], '/')). My regex skills sucks so I can't
> > give
> > you a sample using regex. But you get the idea.
> >
> > It's easier to get a particular app's relevant data to the URL while not
> > hard
> > coding the session name, eventually giving your app(s) more flexibility
> > especially if you may have multiple URLs mapped to an app serving
> > different purposes/clients.
> >
> > Regards,
> > Tommy
>
> Forgot to mention that this assumes your app's design is MVC like with a
> single point entry only.
>
>
Hey guys...
I too once tried this, basically so that I could stop users logging in
on multiple tabs, and if they did, then it would kill the previous login
(or not allow them to be logged in as they would be logged in still). I
had so many issues, that I abandoned it.
After reading this thread, I thought I would try Tommy's suggestion
about using a unique named session... so I just tried this:
YAY! it worked!!
so then i tried this:
';
print_r($_SESSION);
echo '';
?>
and it doesn't preserve the older session information... so I must be
doing something wrong. I can assume that because the name is being
regenerated new each time, that the old "previous" session is destroyed
(which would make sense) but then how can *I* ensure that each session
is going to be unique enough, but preserve "old" session information
too?
I know it has to be possible, as my bank doesn't allow multiple tabs
while online banking.
/sigh the joys of protecting users from themselves...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Different sessions, same client
> -Original Message-
> From: Tommy Pham [mailto:tommy...@gmail.com]
> Sent: Sunday, January 23, 2011 5:23 PM
> To: 'Paul M Foster'
> Cc: 'php-general@lists.php.net'; 'Thijs Lensselink'
> Subject: RE: [PHP] Different sessions, same client
>
> > -Original Message-
> > From: Thijs Lensselink [mailto:d...@lenss.nl]
> > Sent: Sunday, January 23, 2011 12:21 AM
> > To: php-general@lists.php.net
> > Subject: Re: [PHP] Different sessions, same client
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On 01/23/2011 07:33 AM, Paul M Foster wrote:
> > > Storing any sort of login/auth data in cookies has regularly been
> > > panned on this list. The preference seems to be to store whatever
> > > login/auth information *must* be stored in the $_SESSION variable.
> > >
> > > Well and good. My problem, however, is that I have multiple
> > > applications in different tabs running on the same server, which may
> > > all use the same sub-variables, like "username". As a result, they
> > > run into
> > each other.
> > > One application will think I'm logged in when I'm not logged in to
> > > that application, but to another in the same browser on the same box.
> > >
> > > So my question is how to prevent this using the standard PHP
> > > functions relating to sessions. I'd like different applications in
> > > different tabs on the same box/browser to have different sessions,
> > > so they don't share data.
> > >
> > > Thoughts?
> > >
> > > Paul
> > >
> >
> >
> > Using session_name will allow you to run two different sessions in the
> > same browser.
> >
> > session_name('app1');
> > session_start();
>
> Paul,
>
> I'd would go with session_name($_SERVER['SCRIPT_NAME']) or
> session_name(substr($_SERVER['SCRIPT_NAME'], 0,
> strripos($_SERVER['SCRIPT_NAME'], '/')). My regex skills sucks so I can't
> give
> you a sample using regex. But you get the idea.
>
> It's easier to get a particular app's relevant data to the URL while not hard
> coding the session name, eventually giving your app(s) more flexibility
> especially if you may have multiple URLs mapped to an app serving
> different purposes/clients.
>
> Regards,
> Tommy
Forgot to mention that this assumes your app's design is MVC like with a single
point entry only.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Different sessions, same client
> -Original Message-
> From: Thijs Lensselink [mailto:d...@lenss.nl]
> Sent: Sunday, January 23, 2011 12:21 AM
> To: php-general@lists.php.net
> Subject: Re: [PHP] Different sessions, same client
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/23/2011 07:33 AM, Paul M Foster wrote:
> > Storing any sort of login/auth data in cookies has regularly been
> > panned on this list. The preference seems to be to store whatever
> > login/auth information *must* be stored in the $_SESSION variable.
> >
> > Well and good. My problem, however, is that I have multiple
> > applications in different tabs running on the same server, which may
> > all use the same sub-variables, like "username". As a result, they run into
> each other.
> > One application will think I'm logged in when I'm not logged in to
> > that application, but to another in the same browser on the same box.
> >
> > So my question is how to prevent this using the standard PHP functions
> > relating to sessions. I'd like different applications in different
> > tabs on the same box/browser to have different sessions, so they don't
> > share data.
> >
> > Thoughts?
> >
> > Paul
> >
>
>
> Using session_name will allow you to run two different sessions in the same
> browser.
>
> session_name('app1');
> session_start();
Paul,
I'd would go with session_name($_SERVER['SCRIPT_NAME']) or
session_name(substr($_SERVER['SCRIPT_NAME'], 0,
strripos($_SERVER['SCRIPT_NAME'], '/')). My regex skills sucks so I can't give
you a sample using regex. But you get the idea.
It's easier to get a particular app's relevant data to the URL while not hard
coding the session name, eventually giving your app(s) more flexibility
especially if you may have multiple URLs mapped to an app serving different
purposes/clients.
Regards,
Tommy
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
On Sun, Jan 23, 2011 at 11:45:30AM -0500, tedd wrote: > At 11:02 AM + 1/23/11, Ashley Sheridan wrote: > >On Sun, 2011-01-23 at 09:21 +0100, Thijs Lensselink wrote: > > > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash: SHA1 > >> > >> On 01/23/2011 07:33 AM, Paul M Foster wrote: > >> > Storing any sort of login/auth data in cookies has regularly been > panned > >> > on this list. The preference seems to be to store whatever login/auth > >> > information *must* be stored in the $_SESSION variable. > >> > > >> > Well and good. My problem, however, is that I have multiple > applications > >> > in different tabs running on the same server, which may all use > the same > >> > sub-variables, like "username". As a result, they run into each other. > >> > One application will think I'm logged in when I'm not logged in to that > >> > application, but to another in the same browser on the same box. > >> > > >> > So my question is how to prevent this using the standard PHP functions > >> > relating to sessions. I'd like different applications in different tabs > >> > on the same box/browser to have different sessions, so they don't share > >> > data. > >> > > >> > Thoughts? > >> > > > > > Paul > > > > > >You can of course use arrays in your session as well: > > > >$_SESSION['app_name'] = Array( > >'username' => 'John', > >'user_id' => 1234, > >'some other info' => 'another string', > >); > > > >I use this on my localhost sometimes, as it can be easier running tests > >and stuff than having to create a whole new host entry for it in my > >config files! > > > >Thanks, > >Ash > > Paul: > > Ash's method is a good one. > > You might also consider using uniqid() to create a unique ID for your > users and then use that ID for determining which user is which > instead of using username. Here's the problem: using Ash's method, it appears that all sessions running on a given browser (different tabs) will be able to see all the values from the other sessions. I may only *use* the values for my payroll app, but I can also *see* the values for my customer app as well. The session_name() suggestion from the prior poster appears to force PHP to issue a separate session ID for each application/tab. This way, the each application/tab only sees the values applicable to it. This actually takes on greater importance, in that I tend to put error messages in the SESSION variable for display at the next page load. When all the applications share the same session cookie, the error messages tend to show up in the wrong applications. So I need each application to see a different session, if possible. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
At 11:02 AM + 1/23/11, Ashley Sheridan wrote: On Sun, 2011-01-23 at 09:21 +0100, Thijs Lensselink wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: > Storing any sort of login/auth data in cookies has regularly been panned > on this list. The preference seems to be to store whatever login/auth > information *must* be stored in the $_SESSION variable. > > Well and good. My problem, however, is that I have multiple applications > in different tabs running on the same server, which may all use the same > sub-variables, like "username". As a result, they run into each other. > One application will think I'm logged in when I'm not logged in to that > application, but to another in the same browser on the same box. > > So my question is how to prevent this using the standard PHP functions > relating to sessions. I'd like different applications in different tabs > on the same box/browser to have different sessions, so they don't share > data. > > Thoughts? > > > Paul You can of course use arrays in your session as well: $_SESSION['app_name'] = Array( 'username' => 'John', 'user_id' => 1234, 'some other info' => 'another string', ); I use this on my localhost sometimes, as it can be easier running tests and stuff than having to create a whole new host entry for it in my config files! Thanks, Ash Paul: Ash's method is a good one. You might also consider using uniqid() to create a unique ID for your users and then use that ID for determining which user is which instead of using username. Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
On Sun, 2011-01-23 at 09:21 +0100, Thijs Lensselink wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/23/2011 07:33 AM, Paul M Foster wrote:
> > Storing any sort of login/auth data in cookies has regularly been panned
> > on this list. The preference seems to be to store whatever login/auth
> > information *must* be stored in the $_SESSION variable.
> >
> > Well and good. My problem, however, is that I have multiple applications
> > in different tabs running on the same server, which may all use the same
> > sub-variables, like "username". As a result, they run into each other.
> > One application will think I'm logged in when I'm not logged in to that
> > application, but to another in the same browser on the same box.
> >
> > So my question is how to prevent this using the standard PHP functions
> > relating to sessions. I'd like different applications in different tabs
> > on the same box/browser to have different sessions, so they don't share
> > data.
> >
> > Thoughts?
> >
> > Paul
> >
>
>
> Using session_name will allow you to run two different sessions in the
> same browser.
>
> session_name('app1');
> session_start();
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBAgAGBQJNO+TpAAoJEMffsHAOnubXzHYQAI86mjCR49uWTPYweFim9e+K
> EtU4KnFfXkQj+Qp0YYjjuiAW0muRywbjKkwuAmw7fO/v9DrbGILAvnneNX7OR9cM
> TBh66J6anuLB3UmItrmFqP2VKgWaLG7KHf0wExfv3duzJkRqp5Y8NQG1Ep8aXA0U
> 8N2VHQ1ki9ukHeIWcPI4l5558j0NE/5BsiWgJIgTC/CovDjdNYln9vszkmFw0g2G
> vJore2V3OIBcmLhqpcITSNK4FcaNWIKnrRWnlCgoAzA1WUCQXnmv0nJMZ0P9xtzk
> iYt2lkBvlGEJ8lnZoAo83XRsQ1oI6vLFwf5xDkI4OGnAsOIzmX3RzStxXyz9o5th
> VyIHtj8R40Rk6eI6L5xE4w1l58JTFMPdgaFk5Ku/v8i8UGDWjWHC0Qhob14w+H32
> RQUtx9dBsYKYT9ZHIkxAQYDc9nTdgajRzo0ONqmzPTS9Qb7NTcjiC9pb1bHBjubA
> M4zJnyO5N7IUy0FmMyS7PG8saCgJDSYj+stvoCC9Kd0eDRBKs+M5cRLpnXem/Yf8
> KG+clIe5+7X9l1TC7uT84HxZYSZCcuwuvRyBUIZknagyREQvLhaFX1OPZ/vk3n6S
> j7k77oFpcCRjkPVKZeUqFAENEY1J7p6DBEkTz9gRkA+islnSIt8rjz+0wYYg0goy
> b3C3ThlftPWwcOBuRQOP
> =ZBm8
> -END PGP SIGNATURE-
>
You can of course use arrays in your session as well:
$_SESSION['app_name'] = Array(
'username' => 'John',
'user_id' => 1234,
'some other info' => 'another string',
);
I use this on my localhost sometimes, as it can be easier running tests
and stuff than having to create a whole new host entry for it in my
config files!
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Different sessions, same client
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/23/2011 07:33 AM, Paul M Foster wrote:
> Storing any sort of login/auth data in cookies has regularly been panned
> on this list. The preference seems to be to store whatever login/auth
> information *must* be stored in the $_SESSION variable.
>
> Well and good. My problem, however, is that I have multiple applications
> in different tabs running on the same server, which may all use the same
> sub-variables, like "username". As a result, they run into each other.
> One application will think I'm logged in when I'm not logged in to that
> application, but to another in the same browser on the same box.
>
> So my question is how to prevent this using the standard PHP functions
> relating to sessions. I'd like different applications in different tabs
> on the same box/browser to have different sessions, so they don't share
> data.
>
> Thoughts?
>
> Paul
>
Using session_name will allow you to run two different sessions in the
same browser.
session_name('app1');
session_start();
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBAgAGBQJNO+TpAAoJEMffsHAOnubXzHYQAI86mjCR49uWTPYweFim9e+K
EtU4KnFfXkQj+Qp0YYjjuiAW0muRywbjKkwuAmw7fO/v9DrbGILAvnneNX7OR9cM
TBh66J6anuLB3UmItrmFqP2VKgWaLG7KHf0wExfv3duzJkRqp5Y8NQG1Ep8aXA0U
8N2VHQ1ki9ukHeIWcPI4l5558j0NE/5BsiWgJIgTC/CovDjdNYln9vszkmFw0g2G
vJore2V3OIBcmLhqpcITSNK4FcaNWIKnrRWnlCgoAzA1WUCQXnmv0nJMZ0P9xtzk
iYt2lkBvlGEJ8lnZoAo83XRsQ1oI6vLFwf5xDkI4OGnAsOIzmX3RzStxXyz9o5th
VyIHtj8R40Rk6eI6L5xE4w1l58JTFMPdgaFk5Ku/v8i8UGDWjWHC0Qhob14w+H32
RQUtx9dBsYKYT9ZHIkxAQYDc9nTdgajRzo0ONqmzPTS9Qb7NTcjiC9pb1bHBjubA
M4zJnyO5N7IUy0FmMyS7PG8saCgJDSYj+stvoCC9Kd0eDRBKs+M5cRLpnXem/Yf8
KG+clIe5+7X9l1TC7uT84HxZYSZCcuwuvRyBUIZknagyREQvLhaFX1OPZ/vk3n6S
j7k77oFpcCRjkPVKZeUqFAENEY1J7p6DBEkTz9gRkA+islnSIt8rjz+0wYYg0goy
b3C3ThlftPWwcOBuRQOP
=ZBm8
-END PGP SIGNATURE-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Different sessions, same client
Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like "username". As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
