NotionCommotion Posted November 9, 2014 Share Posted November 9, 2014 I have several "sites" located in my html directory, and each has a "general" access point and an "administrator" access point: /var/www/html/site1/index.php /var/www/html/site1/administrator/index.php /var/www/html/site2/index.php /var/www/html/site2/administrator/index.php /var/www/html/site3/index.php /var/www/html/site3/administrator/index.php All sites are similar except that data will be specific to site1, site2, or site3, etc. Users who log onto /var/www/html/siteX/index.php are totally unrelated to those who logon to /var/www/html/siteX/administrator/index.php, will have different logon credentials, are stored in different DB tables, and each should have their own session. If a user logs off of either the general or administrator site, it should not effect the other site even if they were previously logged on to both on the same PC (and of course not effect other sites). When a user logs off, I would like to destroy their previous cookie and associated session. Users for either will only use https. I am using Apache to rewrite https://www.mysite.com/ to https://mysite.com/. While I named the administrator site "administrator" above, the administrator user has the ability to change the directory name. I am thinking I need to use session_set_cookie_params to specify where I wish the session cookie to be stored since /var/www/html/siteX/administrator/index.php is a sub-directory to /var/www/html/siteX/index.php, but am not really sure. Sorry for the cryptic post, but I am not very well versed in this subject. How would you recommend setting up cookies/sessions for this scenario? Thank you Quote Link to comment Share on other sites More sharing options...
ginerjm Posted November 9, 2014 Share Posted November 9, 2014 Why not use the cookie parm that designates the folder that it will be accessible from? Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted November 9, 2014 Author Share Posted November 9, 2014 Why not use the cookie parm that designates the folder that it will be accessible from? If I destroy the cookie for the general site, will it not destroy the subdirectory cookie? Quote Link to comment Share on other sites More sharing options...
ginerjm Posted November 9, 2014 Share Posted November 9, 2014 Well you should have unique names for each one. Perhaps include the 'site' name in the cookie name? Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted November 9, 2014 Author Share Posted November 9, 2014 Well you should have unique names for each one. Perhaps include the 'site' name in the cookie name? Again, cookies are not my strong point, so I might be totally off base. But isn't the name for the session cookie always "PHPSESSID"? Quote Link to comment Share on other sites More sharing options...
ginerjm Posted November 9, 2014 Share Posted November 9, 2014 No - that is itself a cookie that directs your session to the session data. Read the manual on cookies. Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted November 9, 2014 Author Share Posted November 9, 2014 I've read, but sure I can use some more reading. HTTP or PHP manual? http://php.net/manual/en/features.cookies.php looks weak. Also, the whole point of my post regarded the cookie which stores the session ID. Could that session be renamed? Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 9, 2014 Share Posted November 9, 2014 (edited) But isn't the name for the session cookie always "PHPSESSID"? That is the default name for the cookie for containing the session id. Could that session be renamed? Yes. You can use session_name to give your session cookie a unique name for each site. Edited November 9, 2014 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
ginerjm Posted November 9, 2014 Share Posted November 9, 2014 My bad. I read different cookies for different instances of the app across folders. Of course now I ask the question - won't multiple users have different sessions anyway? Whats the concern about sessions? Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted November 9, 2014 Author Share Posted November 9, 2014 That is the default name for the cookie for containing the session id. Yes. You can use session_name to give your session cookie a unique name for each site. Thanks ChOcu3r. Note sure if it will be necessary, but good to know. My bad. I read different cookies for different instances of the app across folders. Of course now I ask the question - won't multiple users have different sessions anyway? Whats the concern about sessions? Thanks ginerjm, I don't think users have sessions, but clients have sessions. If a user visits http://mysite.com/site1/index.php and http://mysite.com/site1/administrator/index.php, there will be two session cookies set, right? What about http://site1.mysite.com/index.php and http://site1.mysite.com/administrator/index.php? Two more? Then there is http://www.mysite.com/site1/index.php (however, I indicated that I will be rewriting, so maybe these are not an issue). I was getting lost in the number of cookies, and wanted to centrally locate them under just http://mysite.com/site1. But then, if the general user logs off of a given client, the administrator user on that same client is logged off. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted November 9, 2014 Share Posted November 9, 2014 True dat. So it sounds like you will have to assign a new session id when a user logs in which would then make that browser session separate from any other brower session that client is then running. Not the session cookie name as I understand it - simply get a new session id. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.