Asked  2 Years ago    Answers:  5   Viewed   41 times

I am to build a PHP application for a website that already has another PHP application running on the same domain/server. My app will of course be using sessions, and I don't want my sessions to interfere with the existing app. For example if I want to use $_SESSION['username'], maybe the other app also uses $_SESSION['username'], which could be a problem. I'm not looking for an extra layer of security, I trust the application I'm sharing the host with. I just want to avoid bugs.

One way would be to do something like $_SESSION['MY_APP_NAME']['username'], but I want to know if there is an easier way.

I see on the PHP documentation that there is a function called 'session_module_name'. The name sounds good, but the docs don't really explain what it is for.

Any advice?



There is an easier way: session_name.

Prior to calling session_start(); call session_name("something"); (where you change something to whatever you want it to be called).

Sunday, November 13, 2022

The behavior you describe opposes the concept of a browser session. Why would a user want more than one session? Is it a matter of user access controls needing to be enforced? If so, assign users to logical groups and grant permissions to specific groups. Do users need to perform some action on behalf of other users? If so, design the website around that concept instead of trying to create multiple sessions for a single user.

If you really have to do this, you could do something horrible like pass along a query parameter (very insecure!) between pages to act as a session ID, bypassing the actual $_SESSION altogether and managing your own concept of a session. Again, this is not normal and will only lead to headaches/security issues in the future.

Wednesday, October 26, 2022

the php-memcached extension supports session locking

the memcache and memcached extensions look syntactically similar so it may not be too much of a headache to give it a try. (memcached has a stable version 2.1.0 released 2012-08-07).

if you are set on using memcache 2.2.7 you will most likely have to implement the lock yourself by setting some "session_is_locked" variable in your session and then releasing/unsetting it when the script is done writing to the session. Then you'd always need to check if that variable is set before continuing with any scripts which write to the session.

Friday, September 23, 2022

You need to reset the $_SESSION value for timeout ($_SESSION['timeLogin']) when you execute redirection, otherwise when the client is back from redirect the value in session is the same and will be again redirected.

You could solve it with:

if(!isset($_SESSION['clientmacs']) ) {
    $_SESSION['clientmacs'] = ""; // add this line if not added somewhere else
    header('Location: index.php');


if(time() - $_SESSION['timeLogin'] > 1800) {
    $_SESSION['timeLogin'] = time(); // add this line
    header('Location: include/logout.php');

Maybe (depending on your logic) is better clear the entire session, and let it be reconfigured through the normal flow (session_destroy()) when you perform redirect.

Tuesday, December 27, 2022

session_destroy() destroys the active session. If you do not initialized the session, there will be nothing to be destroyed.

Thursday, September 29, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :

Browse Other Code Languages