Problem with session managment_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-07 22:38 出处：网络

相关专题：cookies php

I have PHP application that contain three small applications. Each application have own users and they are unique for all system. I have problem with session management. When one user is logged in server.com/app1 and write server.com/app2 second application log in automaticaly with this user. But this user hasn't any rights on this application. In login page I do this:

$status = $user->status;

if($status != 4) {
        $auth_key = session_encrypt($userdata, $passdata);

        $SQL = "UPDATE customer SET auth_key = '$auth_key'
                WHERE username = '$userdata' ";

        $auth_query = mysql_db_query($db, $SQL);

        setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app1", "server.com", false, true);

        // Assign variables to session
        session_regenerate_id(true);
        $session_id = $user->id;
        $session_username = $userdata;

        $_SESSION['cid'] = $session_id;
        $_SESSION['username'] = $session_username;
        $_SESSION['status'] = $status;
        $_SESSION['user_lastactive'] = time();

        header("Location: index.php");
        exit;
}

But this doesn't work. Can someon开发者_如何学Ce help me how to repair my sessions. Thanks :)

If I'm reading your question correctly, your problem is that your three apps are independent but are hosted on the same server/use the same php instance. This results in their using the same php session, and the latter gets filled up with inappropriate garbage.

You've several potential solutions:

The first and easiest is to prefix your sessions in the way or another, i.e. use $_SESSION['app1']['param'] or $_SESSION['app1_param'] rather than $_SESSION['param'].

Another, if you've php installed as cgi rather than as an Apache module, is to configure each individual apps' php.ini in such a way that they're no longer sharing their session_id (i.e. configure the session cookie name and/or path) nor storing the session data in the same location (which is somewhere in /tmp if I recall correctly).

If you would like your sessions to be handled independently by each app then it might be easier to just set the unique sessionid for each app in the cookie.

setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app1", "server.com", false, true);

setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app2", "server.com", false, true);

setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/app3", "server.com", false, true);