I have PHP application that contain three small applications. Each application have own users and they are unique for all system. I have problem with session management. When one user is logged in server.com/app1 and write server.com/app2 second application log in automaticaly with this user. But this user hasn’t any rights on this application. In login page I do this:
$status = $user->status;
if($status != 4) {
$auth_key = session_encrypt($userdata, $passdata);
$SQL = "UPDATE customer SET auth_key = '$auth_key'
WHERE username = '$userdata' ";
$auth_query = mysql_db_query($db, $SQL);
setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app1", "server.com", false, true);
// Assign variables to session
session_regenerate_id(true);
$session_id = $user->id;
$session_username = $userdata;
$_SESSION['cid'] = $session_id;
$_SESSION['username'] = $session_username;
$_SESSION['status'] = $status;
$_SESSION['user_lastactive'] = time();
header("Location: index.php");
exit;
}
But this doesn’t work. Can someone help me how to repair my sessions. Thanks 🙂
If I’m reading your question correctly, your problem is that your three apps are independent but are hosted on the same server/use the same php instance. This results in their using the same php session, and the latter gets filled up with inappropriate garbage.
You’ve several potential solutions:
The first and easiest is to prefix your sessions in the way or another, i.e. use
$_SESSION['app1']['param']or$_SESSION['app1_param']rather than$_SESSION['param'].Another, if you’ve php installed as cgi rather than as an Apache module, is to configure each individual apps’ php.ini in such a way that they’re no longer sharing their session_id (i.e. configure the session cookie name and/or path) nor storing the session data in the same location (which is somewhere in /tmp if I recall correctly).