5

I have one domain (domain.com) with multiple sub-pages that have different sessions (by default) and I want some of those sub-pages to share a session.

So for example I have domain.com/section1/staff/ and domain.com/section2/staff/. I am using the $_SESSION variable to store info on the currently logged in user and I want to be able to log in once in section1/staff/ and still be logged in when I go to section2/staff/.

From reading other postings it seems like this is the default way that sessions should work and in both pages the domain isn't set and the path is "/" in session_get_cookie_params() so it should be the same session but it's not sharing the $_SESSION variable and even when I call session_destroy() it doesn't destroy the other session.

Is there a way to explicitly set them to use the same (or another place to look for default settings that wouldn't show up in the session_get_cookie_params() array)?

Community
  • 1
  • 1
Mike
  • 457
  • 3
  • 13

3 Answers3

4

By default PHP will use the same session for all scripts on the same domain. Watch out for bouncing between domain.com and www.domain.com as they may not have the same session.

Instead of creating completely separate sessions for each section, why not use a single global session for the user and section that off? There is no reason $_SESSION can't be a multi-dimensional array.

//// things needed in multiple sections could go into a common grouping:
$_SESSION['common']['user'] = 'josh';
$_SESSION['common']['privileges']['section_access'] = array( 'section1'=>"yes", 'section2'=>"no", 'section5'=>"security-prompt" );

//// while things that were section specific could be grouped by section:
$_SESSION['section1']['agreed_to_terms'] = true;

//// you could also group by logical functionality:
$_SESSION['staff']['badge_no'] = 44815;

Using this kind of structure, you would have all the information available to you in each script, but only use the parts you need.

Also, this saves you the headache of juggling session_name() and other tricky bits in your logic. Plus, this solves the problem of how to share some bits of information (such as current user) between sessions.

Steve
  • 106
  • 1
  • 5
0

The usual suggestion when dealing with $_SESSION is to make sure that session_start(); is called at the top of all of your PHP scripts, before anything else.

Example:

<?php // file1.php

session_start();

// other stuff...

$_SESSION['user'] = 'josh';

?>

<?php // file2.php

session_start();

// other stuff...

echo $_SESSION['user']; // should print "josh"

?>
Josh
  • 12,448
  • 10
  • 74
  • 118
  • 1
    Yes there is not reason that all pages within the same domain would not work with default session settings if you are utilizing your session functions properly. – Mike Brant Jul 31 '12 at 21:48
  • In the one section I have session_start() immediately at the start of the file after – Mike Jul 31 '12 at 21:54
0

The problem was that one section forced the URL to domain.com and the other forced it to www.domain.com.

Mike
  • 457
  • 3
  • 13