2

I have an application that has user management using sessions. Under the root folder of the application I have an admin panel which needs to have a different session, as otherwise it conflicts with the root session.

-root
   -admin/adminFiles
   -rootFiles

I went through this thread and also the docs and tried the below code in my admin folder:

```php
if (HTTP_SERVER != 'http://localhost') {
    session_save_path("/tmp");
}
session_name('session_for_admin');
ini_set('session.cookie_path', '/session_for_admin');
session_set_cookie_params(60*60*24*5, 'session_for_admin');
session_start();
```

This just does not start the session. No error in the logs either. What am I doing wrong here?

I want to do it this way because the admin folder is just going to be accessed by a few privileged users and not very frequently. I am aware that session_name() adds an overhead, but I would like to get through it this way.

KillABug
  • Am I crazy or don't you need to have session_start before you can even check for the $_SESSION variable? – dmgig Jul 30 '14 at 15:03
  • oops!! thank you for the pointer! Actually I copied it from a different file, not the actual file where the session is first set. Updated – KillABug Jul 30 '14 at 16:08
  • how is this supposed to actually react in different ways to anything? this will use `session_for_admin` every time, won't it? – Félix Adriyel Gagnon-Grenier Jul 30 '14 at 16:19
  • Will it? If I set it inside the admin folder, the root folder will have the default session `PHPSESSID`, right? – KillABug Jul 30 '14 at 16:25
  • @FélixGagnon-Grenier Can you please suggest the right way! – KillABug Jul 30 '14 at 17:54
  • @KillABug well, I can try, but I need to know how you make the difference between admin sessions and normal sessions – Félix Adriyel Gagnon-Grenier Jul 30 '14 at 18:05
  • I believe the names differentiate them, right? I kept the default root session untouched so it should work as it did. The admin session as above I am trying to name the session for admin. This should work as two different sessions I guess, as the [documentation](http://php.net/manual/en/function.session-name.php) says. – KillABug Jul 30 '14 at 18:14
  • what I mean is when someone navigates to http://yourdomain.com/ how do you know with only this information if it is an admin or not? do you compare it against rights in a database? if you can't answer this question we can't differentiate between sessions by magic :) – Félix Adriyel Gagnon-Grenier Jul 30 '14 at 18:18
  • @FélixGagnon-Grenier Yes, I have a database flag for the user having admin privileges. Only if the flag is set the user is allowed in – KillABug Jul 30 '14 at 19:06

2 Answers

1

so in regard to what you say about having an admin flag in your database:

let's say that $admin contains a boolean: true if your database confirmed the user as an admin, false if it's not

this will activate the session with name based on the result of this boolean:

```php
if ($admin) {
    session_name('session_for_admin');
} else {
    session_name('session_for_others');
}
session_start();
```

this will start and manage two different sessions, in the same way that two different users will have their own session.

admittedly from there you may want to do other things such as changing the working directory, or include different files.

Which you could also do by just setting a variable in your session when the user is logged in as admin:

```php
$_SESSION['admin'] = true;
```

from then on, you can check and use some files or other like this:

```php
if ($_SESSION['admin']) {
    // use files in admin folder
} else {
    // use files in root folder
}
```

  • I had actually already tried that but it did not work either, my session is returned as `null`. Is there anything in the configuration that I need to change? I mean in the php.ini. `if($value['adminAuthFlag'] === '1'){ session_name('session_gobiggi_admin'); ini_set('session.cookie_path','/session_gobiggi_admin'); session_set_cookie_params(60*60*24*5,'session_gobiggi_admin'); session_start(); }` – KillABug Jul 31 '14 at 06:52

0

Try using session_name before you start the session. For example, in the first domain, use

```php
session_name("AdminPanel");
session_start();
```

In the second domain, use

```php
session_name("WebsiteID");
session_start();
```

For more visit session name
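
An added example, not part of the original question or answers: it shows how the cookie `Path` attribute scopes a named session to the admin folder, using the RFC 6265 path-match rule to compare `/session_for_admin` (the value passed to `ini_set` in the question) with `/admin/`. The helper names `cookie_path_matches` and `start_admin_session`, the `/admin/` URL path (assumed from the folder layout in the question) and the sample request paths are assumptions; the array form of `session_set_cookie_params` needs PHP 7.3 or later.

```php
<?php
// Added example; function names, the /admin/ path and sample URLs are assumptions.

// RFC 6265 section 5.1.4 path-match: a browser returns a cookie only when
// the request path matches the cookie's Path attribute.
function cookie_path_matches(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    // A prefix match counts only on a "/" boundary.
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

// Start a session whose cookie is named separately from the root
// application's PHPSESSID and is sent only for URLs under $adminPath.
function start_admin_session(string $adminPath = '/admin/'): void
{
    session_name('session_for_admin');          // must precede session_start()
    session_set_cookie_params([
        'lifetime' => 60 * 60 * 24 * 5,         // five days, as in the question
        'path'     => $adminPath,               // URL path of the admin folder
        'secure'   => ($_SERVER['HTTPS'] ?? 'off') !== 'off',
        'httponly' => true,                     // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Constructed request paths checked against candidate Path values.
$checks = [
    ['/admin/index.php', '/session_for_admin'], // Path value from the question
    ['/admin/index.php', '/admin/'],            // Path equal to the admin folder
    ['/index.php',       '/admin/'],            // root page vs admin cookie
];
foreach ($checks as [$request, $path]) {
    printf("%-18s Path=%-20s sent=%s\n", $request, $path,
        var_export(cookie_path_matches($request, $path), true));
}

if (PHP_SAPI !== 'cli') {                       // under a web server only
    start_admin_session();
}
```

Run from the command line it only prints the path-match table; included at the top of an admin page it starts the scoped session.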