Reputation: 5063
I've created 2 different directories on my website as follows:
my_site.com/boo
and
my_site.com/koo
and I've uploaded to both the following test script (3 files):
1.php // Input form
    <?php
    session_start();
    // Show a message left by 2.php or 3.php, if any, then clear it
    if (isset($_SESSION['msg'])) {
        echo $_SESSION['msg'];
        unset($_SESSION['msg']);
    }
    ?>
    <form method="post" action="2.php">
        <input name="loginid" type="text" id="loginid">
        <input type="Submit" name="Submit" value="Login"/>
    </form>
2.php // check if login is correct (send me to 3.php), if not then back to 1.php
    <?php
    session_start();
    $loginid = $_POST['loginid'] ?? '';
    // Compare the submitted value (a single = would assign and always be true)
    if ($loginid === "okay") {
        $_SESSION['loginid'] = "logged";
        header("Location: 3.php");
        exit;
    } else {
        $_SESSION['msg'] = "Wrong";
        header("Location: 1.php");
        exit;
    }
    ?>
3.php // it should give Hello to admin if logged in correctly.
    <?php
    session_start();
    // Any non-empty login marker in the session counts as logged in
    if (!empty($_SESSION['loginid'])) {
        echo "Hello To Admin";
    } else {
        $_SESSION['msg'] = "Please Login";
        header("Location: 1.php");
        exit;
    }
    ?>
Now my problem:
If I go to my_site.com/boo/1.php
and log in correctly,
then once I go to my_site.com/koo/3.php
it gives me the message Hello to admin,
as if I'm logged in. This means if I have 2 different scripts in 2 different directories on my website using the same PHP skeleton, I can be logged in to both!! Why is it not unique?
It will hurt me, as I have identical scripts on my website in different directories and I don't want to give access to all :)
I have an idea but am not sure if it is correct or not, so please advise.
I'll add a random code to the check file (2.php):
    <?php
    session_start();
    $loginid = $_POST['loginid'] ?? '';
    // Compare the submitted value (a single = would assign and always be true)
    if ($loginid === "okay") {
        $random = rand(1, 1000000);
        $_SESSION['loginid'] = "".$random.""; // random
        header("Location: 3.php");
        exit;
    } else {
        $_SESSION['msg'] = "Wrong";
        header("Location: 1.php");
        exit;
    }
    ?>
so any help ~ Thanks
Upvotes: 1
Views: 159
Reputation: 1055
You could use session_name(). This will make your $_SESSION variable connected to the session name instead of the global session context.
Documentation: http://se.php.net/manual/en/function.session-name.php
page 1:
    session_name('first_page');
    session_start();
    $_SESSION['hello'] = "hi";
page 2:
    session_name('second_page');
    session_start();
    // will generate false
    var_dump(isset($_SESSION['hello']));
Upvotes: 1
Reputation: 12802
Use session_name() to make unique sessions:
/koo:
    session_name('koo');
    session_start();
/foo:
    session_name('foo');
    session_start();
Upvotes: 0
Reputation: 14618
The session ID is sent using a cookie.
The cookie is based on the domain name; as your sites sit on the same domain, they also share the PHPSESSID cookie.
When starting the session, try to name it first using http://us.php.net/manual/en/function.session-name.php
Read this for more info:
http://php.net/manual/en/session.security.php
Upvotes: 2
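An added example, not code from any of the posts on this page: a shared helper that combines the session_name() suggestion with a session cookie limited to the directory and a login flag kept per directory, because PHP's default file storage keys session data by ID rather than by session name. The function names, the `SESS` prefix and the file name `session_boot.php` are assumptions, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical shared helper, included by 1.php, 2.php and 3.php of each directory.
// $app is the directory name: 'boo' or 'koo' in the question.
function start_app_session(string $app): void
{
    if (!ctype_alnum($app)) {
        throw new InvalidArgumentException('app name must be alphanumeric');
    }
    session_name('SESS' . strtoupper($app));   // separate cookie name per directory
    session_set_cookie_params([
        'path'     => '/' . $app . '/',         // browser sends it only under this directory
        'httponly' => true,                     // not readable from page scripts
        'samesite' => 'Lax',
        // add 'secure' => true when the site is served over HTTPS
    ]);
    session_start();
}

// Call after the credentials have been checked in 2.php.
function mark_logged_in(string $app): void
{
    session_regenerate_id(true);                // fresh ID once the user is authenticated
    $_SESSION['auth'][$app] = true;
}

// The default files handler stores data by session ID, not by session name,
// so the login flag is kept per directory as well.
function is_logged_in(string $app): bool
{
    return ($_SESSION['auth'][$app] ?? false) === true;
}

// Constructed demonstration, run from the command line: php session_boot.php
if (PHP_SAPI === 'cli') {
    start_app_session('boo');
    mark_logged_in('boo');
    var_dump(is_logged_in('boo'), is_logged_in('koo'));
}
```

In boo/3.php the check becomes start_app_session('boo') followed by a redirect to 1.php whenever is_logged_in('boo') is false.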
Reputation: 76870
A session is not limited to a directory or files; it's a way of sharing data from the same user... it is meant to work this way.
Upvotes: 2