PHP Sessions

[benbacardi]

i have two sites running on the same server, one at www.bpcu.co.uk and one in www.bpcu.co.uk/forum - however, they have different logins, and if you login to one, it completely ruins the other one because it's trying to use the other one's session variables... how can i stop this? can you restrict session variables to one folder? or something lol

any help would be much appreciated

[grahame]

The default session for the session.cookie_path is /, which means that they cookie issued by one application will be passed to the other. And the default cookie name is PHPSESSID which means they've both got the same name and conflict.

Both session.cookie_path and session.name can be changed in various places including your scripts (but you probably don't want to mess with those), in the php.ini file (but it will change for both applications so do you know good) on in .htaccess files .... so ... in the file $_SERVER[DOCUMENT_ROOT]/forum/.htaccess add something like
php_value session.name PHPOTHERSESSNAME

Well ... that's my theory. Please do let me know if it works ....

P.S. Your server does need to be configured to allow .htaccess files to do this; here's hoping that yours IS, or you can change your apache config to do so.

[benbacardi]

yea i dont have access to the .htaccess files or anything like that...

but thanks neway

ne other ideas?! lol

[grahame]

Less good (since it means changing code ...) .... try adding

Code: Select all

<?php
ini_set("session.name","PHPMYNAME");
?>

at the very top of (each) top level script in the subdirectory. May also be worth checking the script to make sure it doesn't set this itself!

[benbacardi]

i wrote all the script myself by hand so it doesn't set that anywhere...

i have one file which is included by include "filename.php" at the top of every file... will putting it at the top of that do the trick?

[grahame]

Quote:

Originally Posted by benbacardi

i have one file which is included by include "filename.php" at the top of every file... will putting it at the top of that do the trick?

It should do .. in fact, I've just been "playing" with this as I'm putting a session wrapper around my site and don't want to disturb any "guts" and it can be even easier. The basic code change is an extra session_name call before the session_start. I am concerned (and still working on) places in the sites that are going to try to run sessions within sessions.

Code: Select all

session_name("MyWHC");
session_start();