By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,132 Members | 1,425 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,132 IT Pros & Developers. It's quick & easy.

Another Session Question - Overlaps?

P: n/a
Let's say I run a server. I have two people using the server. Bill and Joe.
Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web pages.
Let's say they both create the session variable $_SESSION['yo']. Each uses
yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and all is
lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of session
data?

Thank you again, I know I have a lot of questions.
Jul 16 '05 #1
Share this Question
Share on Google+
9 Replies


P: n/a
Xizor wrote:
Let's say I run a server. I have two people using the server. Bill and Joe.
Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web pages.
Let's say they both create the session variable $_SESSION['yo']. Each uses
yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and all is
lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of session
data?

Thank you again, I know I have a lot of questions.

Is this a hypothetical question? I don't see why this would actually
happen. The Session ID--which tells PHP which temp session file to
open--is either a) part of the URL or b) stored as a cookie on the
client's machine. The session_start() function should figure out which
file to open and as such, have the correct instance of _SESSION.

Again, this is what I perceive to be the intended behavior, but if
you've experienced something contradictory, then the above paragraph is
of absolutely no consequence to you, and I apologize for wasting your
time :)

Jul 16 '05 #2

P: n/a

"Joshua Ghiloni" <jd***@SPAM.ME.AND.DIE.cwru.edu> wrote in message
news:bf**********@eeyore.INS.cwru.edu...
Xizor wrote:
Let's say I run a server. I have two people using the server. Bill and Joe. Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web pages. Let's say they both create the session variable $_SESSION['yo']. Each uses yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and all is lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of session data?

Thank you again, I know I have a lot of questions.

Is this a hypothetical question? I don't see why this would actually
happen. The Session ID--which tells PHP which temp session file to
open--is either a) part of the URL or b) stored as a cookie on the
client's machine. The session_start() function should figure out which
file to open and as such, have the correct instance of _SESSION.


I don't think it is hypothetical. It would happen as far as I can tell. If a
user opens his browser and goes to Bill's site then that same user goes to
Joe's site, since both are running off the same domain, well then
session_start() will invoke the same cookie, hence the same session ID,
hence the same temp file, both from Bill's web site and Joe's.
Jul 16 '05 #3

P: n/a
Your understanding of PHP sessions is incomplete. Using your example
'yo' is simply a variable within the current session, but each time a
user accesses your site with his browser a new session is created with
a unique session id. This means that multiple users can access your
site and have a value for the 'yo' variable, but as each user has a
different session he also has a different copy of those session
variables.

If you look in the directory where you have directed PHP to store its
session files you will see a different file for each session where the
filename is the same as the session id.

Hope this helps.

Tony Marston
http://www.tonymarston.net/
"Xizor" <no**@nope.com> wrote in message news:<uL2Ra.73633$Ph3.7579@sccrnsc04>...
Let's say I run a server. I have two people using the server. Bill and Joe.
Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web pages.
Let's say they both create the session variable $_SESSION['yo']. Each uses
yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and all is
lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of session
data?

Thank you again, I know I have a lot of questions.

Jul 16 '05 #4

P: n/a
Xizor wrote:
Question: What is the best way to stop this unintentional overlapping
of session variables? Is there a way of maintaining separate sets of
session data?


Hmm...

Maybe you could try setting session cookie path with
session_set_cookie_params()?

So your session var would be valid only in directory you want...

--
--- --- --- --- --- --- ---
ja**@croatiabiz.com
Jul 16 '05 #5

P: n/a
What would happen should the user be visiting Bill's pages and then directly
type the URL or clicked a bookmark which took them to Joe's site which was
using cookies?

Surely because the browser has remained open throughout the visit from
Bill's site to Joe's site then the Session ID would remain the same and all
variables associated with Bill's site would be passed to Joe and vice versa.

I am not expert but that is the way I perceive the Session system to work
under PHP.

HTH,

Paul Woodward
===
"Tony Marston" <to**@marston-home.demon.co.uk> wrote in message
news:75**************************@posting.google.c om...
Your understanding of PHP sessions is incomplete. Using your example
'yo' is simply a variable within the current session, but each time a
user accesses your site with his browser a new session is created with
a unique session id. This means that multiple users can access your
site and have a value for the 'yo' variable, but as each user has a
different session he also has a different copy of those session
variables.

If you look in the directory where you have directed PHP to store its
session files you will see a different file for each session where the
filename is the same as the session id.

Hope this helps.

Tony Marston
http://www.tonymarston.net/
"Xizor" <no**@nope.com> wrote in message

news:<uL2Ra.73633$Ph3.7579@sccrnsc04>...
Let's say I run a server. I have two people using the server. Bill and Joe. Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web pages. Let's say they both create the session variable $_SESSION['yo']. Each uses yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and all is lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of session data?

Thank you again, I know I have a lot of questions.

Jul 16 '05 #6

P: n/a
Xizor wrote:
"Joshua Ghiloni" <jd***@SPAM.ME.AND.DIE.cwru.edu> wrote in message
news:bf**********@eeyore.INS.cwru.edu...
Xizor wrote:
Let's say I run a server. I have two people using the server. Bill and
Joe.
Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web
pages.
Let's say they both create the session variable $_SESSION['yo']. Each
uses
yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and
all is
lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of
session
data?

Thank you again, I know I have a lot of questions.


Is this a hypothetical question? I don't see why this would actually
happen. The Session ID--which tells PHP which temp session file to
open--is either a) part of the URL or b) stored as a cookie on the
client's machine. The session_start() function should figure out which
file to open and as such, have the correct instance of _SESSION.

I don't think it is hypothetical. It would happen as far as I can tell. If a
user opens his browser and goes to Bill's site then that same user goes to
Joe's site, since both are running off the same domain, well then
session_start() will invoke the same cookie, hence the same session ID,
hence the same temp file, both from Bill's web site and Joe's.


Then my best suggestion would be to come up with more original session
variables ;) Since they're just keys of an array, and a key can be a
string, why not make the variable $_SESSION["joe_yo"] and
$_SESSION["bill_yo"] instead of $_SESSION["yo"]. Using global variables
like this--multiple global variables with the same name in different
programs--is always an issue.

Jul 16 '05 #7

P: n/a
Rod
Hi,

you can do that:

in Bill'site:
session_name("BILL");
session_start();

in Joe's site:
session_name("JOE");
session_start();

so even with the same user/browser you will use a different set of session
data for each site

brgds
"Xizor" <no**@nope.com> wrote in message
news:uL2Ra.73633$Ph3.7579@sccrnsc04...
Let's say I run a server. I have two people using the server. Bill and Joe. Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web pages. Let's say they both create the session variable $_SESSION['yo']. Each uses
yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and all is lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of session
data?

Thank you again, I know I have a lot of questions.

Jul 16 '05 #8

P: n/a
I'll try this. Thanks.

"Rod" <to**@toto.com> wrote in message news:bf**********@home.itg.ti.com...
Hi,

you can do that:

in Bill'site:
session_name("BILL");
session_start();

in Joe's site:
session_name("JOE");
session_start();

so even with the same user/browser you will use a different set of session
data for each site

brgds
"Xizor" <no**@nope.com> wrote in message
news:uL2Ra.73633$Ph3.7579@sccrnsc04...
Let's say I run a server. I have two people using the server. Bill and Joe.
Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web

pages.
Let's say they both create the session variable $_SESSION['yo']. Each uses yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and all is
lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of

session data?

Thank you again, I know I have a lot of questions.


Jul 16 '05 #9

P: n/a
"Paul Woodward" <no*****@newsgroups.com> wrote in message news:<3f***********************@news.dial.pipex.co m>...
What would happen should the user be visiting Bill's pages and then directly
type the URL or clicked a bookmark which took them to Joe's site which was
using cookies?

Surely because the browser has remained open throughout the visit from
Bill's site to Joe's site then the Session ID would remain the same and all
variables associated with Bill's site would be passed to Joe and vice versa.
The PHP session id is stored in a cookie, and as cookies are limited
to a particular site there will be a different cookie, therefore a
different session, for each site you visit.

Apart from this the session contents are maintained on the server, not
the client, so any session data that is saved on Bill's site is not
available on Joe's server, and vice versa. The session data for Bill's
site is therefore totally separate from the session data on Joe's
site.

Tony Marston
http://www.tonymarston.net/
I am not expert but that is the way I perceive the Session system to work
under PHP.

HTH,

Paul Woodward
===
"Tony Marston" <to**@marston-home.demon.co.uk> wrote in message
news:75**************************@posting.google.c om...
Your understanding of PHP sessions is incomplete. Using your example
'yo' is simply a variable within the current session, but each time a
user accesses your site with his browser a new session is created with
a unique session id. This means that multiple users can access your
site and have a value for the 'yo' variable, but as each user has a
different session he also has a different copy of those session
variables.

If you look in the directory where you have directed PHP to store its
session files you will see a different file for each session where the
filename is the same as the session id.

Hope this helps.

Tony Marston
http://www.tonymarston.net/
"Xizor" <no**@nope.com> wrote in message

news:<uL2Ra.73633$Ph3.7579@sccrnsc04>...
Let's say I run a server. I have two people using the server. Bill and Joe. Bill is at address.com/bill and Joe is at address.com/joe.

Let's say Joe and Bill are both using PHP with sessions on their web pages. Let's say they both create the session variable $_SESSION['yo']. Each uses yo for a different purpose.

Now we have a user accessing address.com. He goes to Bill's site and his
session his started with the $_SESSION['yo'] created.

But then the user sees Joe's site, and he goes to it without closing his
browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
wait, it has bad data from Bill's site. Oh no! The world explodes and all is lost.

Question: What is the best way to stop this unintentional overlapping of
session variables? Is there a way of maintaining separate sets of session data?

Thank you again, I know I have a lot of questions.

Jul 16 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.