0

I am working on my localhost and I have two applications running there.

Let's say the urls are:

  1. localhost/apps/app1/
  2. localhost/apps/app2/

Each of the applications has its own login module, which uses PHP-based sessions to restrict/allow users to enter the application. The name of the session variable is the same, i.e. uid. The way I am using it is:

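<?php
session_start();
// Redirect visitors without a logged-in user id to the login page.
if (!isset($_SESSION["uid"])) {
    header('Location: login/index.php');
    exit; // stop here, otherwise the rest of the protected page still runs
}
?>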

But the session variable of app1 is working and accessible in app2, which I don't want. How can I restrict the accessibility of the session variable created in app1 so that it doesn't interfere with the other session variable?

I read "How to restrict a session to a directory only in PHP?", but this won't work in my case as it is for one directory only.

void
  • Couldn't you just create a session-based application property, e.g., `$_SESSION['current_app']` and check against that on an application basis? – David Wyly Apr 12 '16 at 19:25
  • This is not really restricting the $_SESSION variable to your directory, but you could always use the $_SESSION variable like this, and handle the rest yourself : $_SESSION['apps1']['uid']; $_SESSION['apps2']['uid']; – SamyQc Apr 12 '16 at 19:33
  • @DavidWyly Can't I use the same name and restrict the scope of session variable? – void Apr 12 '16 at 19:50

1 Answer

1

Use different names for the sessions when calling session_start() by using the options array (more information: http://php.net/manual/en/session.configuration.php ), e.g.:

// App 1
session_start(['name' => 'Session1']);

// App 2
session_start(['name' => 'Session2']);

This results in different session cookie names and finally in completely separated sessions.

Andreas
  • Can't I use the same name and restrict the scope of session variable? – void Apr 12 '16 at 19:49
  • You can't. Having completely different sessions (with different hashes and different cookie names) is by far the best (and safest) solution. – Andreas Apr 13 '16 at 03:05
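
The following is an added example, not code from the question or the answer: a shared bootstrap that gives each app its own session name as the answer describes, scopes the cookie to the app's directory, and tags the session with the app that created it, as the first comment suggests. The function names `start_app_session` and `require_login`, the `SESS` prefix and the `app` session key are assumptions made for illustration; the tag is there because two session names on one host still read from the same session storage.

```php
<?php
// Added example: hypothetical bootstrap included at the top of every page.
// Function names, the 'SESS' prefix and the 'app' key are illustrative.

function start_app_session(string $appId, string $cookiePath): void
{
    // Distinct cookie name per app, e.g. SESSapp1 and SESSapp2.
    session_name('SESS' . $appId);

    // Limit the cookie to the app's own directory so the browser does not
    // send it to the sibling app (array form needs PHP 7.3 or later).
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => $cookiePath,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();

    // Both apps share one session save path, so a session id is not tied
    // to a cookie name. Record the owning app and fail closed on mismatch.
    if (!isset($_SESSION['app'])) {
        $_SESSION['app'] = $appId;
    } elseif ($_SESSION['app'] !== $appId) {
        $_SESSION = [];
        session_regenerate_id(true); // drop the foreign session data
        $_SESSION['app'] = $appId;
    }
}

function require_login(string $loginUrl): void
{
    if (!isset($_SESSION['uid'])) {
        header('Location: ' . $loginUrl);
        exit; // do not render the protected page after the redirect
    }
}

// Pages under localhost/apps/app1/ (app2 passes 'app2' and '/apps/app2/'):
start_app_session('app1', '/apps/app1/');
require_login('login/index.php');
```

Giving each app its own `session.save_path` is another way to separate the stored session data.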