I’m implementing login and registration for multiple domains that talk to a single database – we’ll call them i.domain-a.com and i.domain-b.com. Both these subdomains have A records in the DNS that point to a single server – thus making i.domain-a.com/hello.php and i.domain-b.com/hello.php run the same thing.
So, if I create a session on domain A, then I can go to domain B and retrieve the same session information. To implement completely separate login systems for both of them that utilise the same PHP functions I have written to handle registration, should I do something with session_name() based on $_SERVER['HTTP_HOST']? I’m not sure how similar my situation is to this guy, and hope this question isn’t too similar.
To avoid problems with sessions you should use the session_name('myapplication') [ session_name({UNIQUE_APP_ID}) ].
The problem you are mentioning can occur in simpler situations where there is an administration panel and a sign-in form for the users of the web site.
If session_name is not used, a signed-in user could have access to the admin. panel, but this depends on the auth. scheme and mechanism you have implemented.
regards,
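
A sketch of the per-host session_name() idea from the thread, as an added example that is not code from either poster. session_name() only changes the cookie name while both hosts still read the same session store, so the example also records the site inside the session and checks it on every request. The function names and the cookie names SESSA/SESSB are hypothetical, and HTTPS is assumed.

```php
<?php
// Added example. Function names and cookie names are hypothetical.
// Requires PHP 7.3+ for the array form of session_set_cookie_params().
const SITE_SESSION_NAMES = [
    'i.domain-a.com' => 'SESSA',
    'i.domain-b.com' => 'SESSB',
];

function site_session_name(string $hostHeader): string
{
    // HTTP_HOST is client-supplied: normalise it and accept only known hosts.
    $host = strtolower((string) preg_replace('/:\d+$/', '', trim($hostHeader)));
    if (!array_key_exists($host, SITE_SESSION_NAMES)) {
        throw new InvalidArgumentException('Unknown host');
    }
    return SITE_SESSION_NAMES[$host];
}

function start_site_session(string $hostHeader): void
{
    $name = site_session_name($hostHeader);
    session_name($name); // must run before session_start()
    // 'secure' assumes both sites are served over HTTPS only.
    session_set_cookie_params(['path' => '/', 'secure' => true,
                               'httponly' => true, 'samesite' => 'Lax']);
    session_start();
    // The session store is keyed by ID only, so a session created on the
    // other site would load here too. Discard it instead of trusting it.
    if (isset($_SESSION['site']) && $_SESSION['site'] !== $name) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['site'] = $name;
}

function login_user(int $userId): void
{
    session_regenerate_id(true); // fresh ID when the privilege level changes
    $_SESSION['user_id'] = $userId;
}

function current_user_id(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// Usage at the top of every page:
// start_site_session($_SERVER['HTTP_HOST'] ?? '');
```

The same pattern covers the admin panel case mentioned in the answer: give the panel its own entry and session name, and have its pages check the stored site value before reading user_id.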