$_SESSION is saved on server or in browser?

Because I have two websites on the same server and domain (different folders) and I have problems when asking for $_SESSIO开发者_JAVA技巧N['id'], basically both sites are using the same value and I don't want that.

If I change domain and point it to the same folder on the same server, will I have the same problem?

---

Session data is stored on the server. A cookie with the session's ID is stored on the user's computer, and is associated with a single domain name. The browser passes this cookie to the server so it knows what session data to associate with the user.

Two websites, hosted under the same domain, are going to share the same session because there will only be one cookie containing a session ID. If you put the websites under different domains, you will no longer have the problem since two different cookies (containing two different session ID's) will be made on the user's computer; one for each domain name.

---

Use session_set_cookie_params to change the session cookie's path (i.e. not using /, but /path1, /path2 etc), even they are using the same domain.

http://www.php.net/manual/en/function.session-set-cookie-params.php

---

No you will not. Session data is stored on the server, but is kept separate for every domain on that server.

That being said, you could "namespace" your two applications session data in the $_SESSION variable. For instance "yourdomain.com/app1" would store all it's data like so $_SESSION['app1']['whatever'] = 'something'; and "yourdomain.com/app2/ would use $_SESSION['app2']['whatever'] = 'something else';.

This would solve your collisions issue, but you'd have to make sure that nowhere in your code are you writing/reading to the wrong "namespace". Also "app1" would be able to read "app2"'s data, and vice versa.

---

http://php.net/manual/en/ref.session.php
And more specifically
http://www.php.net/manual/en/function.session-save-path.php

You can tell PHP where you save the session files using session-save-path.