Prevent named sessions form overwriting each other

[NotionCommotion]

I have two scripts: script1.php and script2.php.

 

Script1 creates if it doesn't already exist and adds to a session named "SESSION1" and displays it:

 

Script2 similarly adds to a session named "SESSION2", but then needs to display the session used by the first script (i.e. SESSION1), and then goes back to its original session (SESSION2).

 

Script1 works perfect.  But when Script2 is executed, it changes the session ID in the SESSION1 cookie to the same value as used in its SESSION2 cookie.  If Script1 is later executed, it obviously lost its previous session values as it is now using a new session ID.

 

If I comment out the two session_name() lines, it will not overwrite the other session, however, this doesn't provide the functionality I need.

 

What is causing this and how do I prevent it????

 

script1.php

<?php
// script 1.  Will be accessed as http://one.example.com

$t=time();

//Access the primary session for script 1
session_name('SESSION1');
session_start();
$_SESSION['s1_'.$t]=$t;
echo("SESSION1<pre>".print_r($_SESSION,1)."</pre>");
?>

script2.php

<?php
// script 2.  Will be accessed as http://two.one.example.com

$t=time();

//Access the primary session for script 2
$default_name=session_name('SESSION2');
session_start();
$_SESSION['s2_'.(2*$t)]=2*$t;
echo("SESSION2<pre>".print_r($_SESSION,1)."</pre>");

//Use session created by script 1
$old_id_script2 = session_id();
session_write_close();
$old_name_script2 = session_name('SESSION1');
session_start();
echo("SESSION1<pre>".print_r($_SESSION,1)."</pre>");

//Go back to primary session
session_write_close();
$old_id_script1 = session_id($old_id_script2);
$old_name_script1 = session_name($old_name_script2);
session_start();
echo("SESSION2<pre>".print_r($_SESSION,1)."</pre>");

echo("default_name: $default_name<br>");
echo("old_id_script2: $old_id_script2<br>");
echo("old_name_script2: $old_name_script2<br>");
echo("old_id_script1: $old_id_script1<br>");
echo("old_name_script1: $old_name_script1<br>");
?>

Edited November 30, 2014 by NotionCommotion

[mac_gyver]

i have a basic why question. why are you trying to have more than one session that you want to share data between? someone in a previous thread asked why you are doing this and your reply was a statement of what you were trying to make work, not why you are doing this. knowing your overall purpose, would perhaps help someone to give a more direct solution, since what you are trying to make work is uncommon.

[NotionCommotion]

i have a basic why question. why are you trying to have more than one session that you want to share data between? someone in a previous thread asked why you are doing this and your reply was a statement of what you were trying to make work, not why you are doing this. knowing your overall purpose, would perhaps help someone to give a more direct solution, since what you are trying to make work is uncommon.

 

I believe the reply to the previous thread was that I should not attempt to pass session IDs over the URL.

 

As far as why, I have one subdomain administrator.subsite.example.com, and a second subdomain preview.administrator.subsite.example.com.  The second subdomain will confirm that the user has previously logged on to the first subdomain.

 

Putting aside whether it should be implemented or not, am stumped on why I am see this behavior.  Any ideas?

[NotionCommotion]

I could get the desired functionality without using session_name() at all.  It just seems too simple, and I think I am missing something.

<?php
// script 2.  Will be accessed as http://two.one.example.com

$t=time();

//Access the primary session for script 2
session_name('SESSION2');
session_start();
$_SESSION['s2_'.(2*$t)]=2*$t;
echo("SESSION2<pre>".print_r($_SESSION,1)."</pre>");

//Use session created by script 1
session_write_close();
//$NAME_session2 = session_name('SESSION1');
if(isset($_COOKIE['SESSION1'])) {
    $ID_session2 = session_id($_COOKIE['SESSION1']);
}
else {
    $ID_session2 = session_id();
    session_regenerate_id();
}
session_start();
echo("SESSION1<pre>".print_r($_SESSION,1)."</pre>");

//Go back to primary session
session_write_close();
$ID_session1 = session_id($ID_session2);
//$NAME_session1 = session_name($NAME_session2);
session_start();
echo("SESSION2<pre>".print_r($_SESSION,1)."</pre>");

echo("ID_session2: $ID_session2<br>");
//echo("NAME_session2: $NAME_session2<br>");
echo("ID_session: $ID_session1<br>");
//echo("NAME_session1: $NAME_session1<br>");
?>

[kicken]

If you want to be sharing data between sessions, it would be better to create your own session back end that will allow you to open arbitrary sessions without having to involve PHP's session handling functions. Calling session_start() multiple times may cause issues since it emits various session related headers and initializes $_SESSION.

 

Create your own session handler class and use that as your session back end. Then when you want to access another session instance just construct a new instance of the class with the given ID.

[NotionCommotion]

Thanks Kicken,

 

Good point about all those headers. Don't know the impact, but suspect it can't be ideal.

 

I'll check out session_handler_class but would like to first pursue different options.

 

Could I (and probably more importantly should I) attempt to access the session file directly?  I am just reading and not writing, I know the filename (i.e. the session ID), and will be performing this operation fairly rarely.

 

Or maybe I try doing this differently.  My script1 is responsible to set something when the user logs in.  Script2 needs to ensure the user logged on under script1, and if so, do something with the users_id.  Instead of using sessions, I could have script1 set two cookies (the users_id and some hash), and then script2 could deal with it as needed.  The risk factor of script2 getting spoofed is fairly low.

 

Thanks for your help

[NotionCommotion]

Well, this is odd.

 

I am still messing around with accessing a session, then getting the session id from another session cookie and accessing that session.

 

It appears that my server is being hit one time more than I would expect.

 

Also, a few things appear to be going out of sequence.  I have all these sys_log triggers, and the one at the end is not the last one logged, but one related to where I am accessing another session.  I've checked for __destruct and register_shutdown_function causing this, but they are not.

 

Am I going crazy, or can headers or something cause this?

[NotionCommotion]

I got rid of changing the session id and having multiple session_starts, and I don't have the out of sequence phenomena.  I am curious and hope someone could explain what might have been happening.  Note that there is an iframe involved as well, but I don't think it was the cause as it doesn't happen anymore.

 

As an alternative, I came up with the following.  Please comment (I have a feeling it will not be received very well).  It would have been nice not to have to actually change the global $_SESSION variable, but I didn't know how to decode the session file without using session_decode(), and as far as I know session_decode() doesn't have any options not to change the global $_SESSION variable.  Also, I am concerned that the session file prefix (sess_) might change in the future or based on PHP installation configuration.

public function getOtherSession($session_id_other)
{
    $session_current=$_SESSION;
    if($session_other=file_get_contents(session_save_path().'/sess_'.$session_id_other)) {
        session_decode($session_other);
        $session_other=$_SESSION;
        $_SESSION=$session_current;
    }
    else {$session_other=false;}
    return $session_other;
}