Sessions query - can't access session from another area of same domain

[plastik77]

Hi, I have an admin area of my site which is split into two sections. The main section is powered by a php framework, and the other section is the plogger photo gallery which i've integrated into my site. My problem is that I want an admin user to only have to login once to be able to access both admin areas, but when i set sessions upon the user logging into the admin section (powered by the framework), i then lose these sessions when the user moves to the gallery admin section. It could be to do with the way that the framework is configured to deal with sessions, but I thought I'd see if there was any other potential reason why this might be happening, or if there is any other way round this that anyone can think of?

 

Bit of a long shot, thanks in advance to anyone who can make any sense of this!

[waynew]

The admin section and the gallery have two different methods of setting and checking your sessions.

 

Whereas the admin may set a username for the session, the gallery might set a name or user agent etc.

 

It's hard to know; you'll need to pull your sleeves up, dive into the code and get your hands dirty with it; all the while realising that messing with the sessions of an already built system that you didn't build yourself is a risky game.

[plastik77]

cheers for the reply waynewex, i've already dived into the session management classes in the framework without any luck so far. the gallery's admin management is simple to disable, so without even beginning to think about proper security and the encryption processes used in the framework, i wanted to be able to see if i could set a simple session variable - e.g $_SESSION['logged_in'] = true (upon successful login by the user), then simply check this session on each gallery admin page. what happens is that the $_SESSION['logged_in'] variable persists across the pages which are powered by the framework, but it disappears upon entering the gallery.