1

I have several websites in one domain (virtual host): website.com/site1, website.com/site2 etc. On each site there is a authentification, which saves the username in Session.

The problem is: If I'm on site1, and, let's say, Alex accecced to site2 from my browser, site1 would think that I'm Alex. And if I do something, Alex will be written in the DB.

One solution, is to check whether the Session and the username is the same on each action.

Is there a solution to set different $_SESSION['name'] for site1 and site2, using the same $_SESSION['name'] variable?

Sonya Seyrios
  • 83
  • 1
  • 9

2 Answers2

0

I have a lazy solution if it could work for you that.

In

website.com/site1

When you start a session that means you do some functionalities and then store it in database like

//SQL things and finally
$_SESSION['username'] = $username;

you can do this

 $_SESSION['site1-username'] = $username;

Similarly in other site

$_SESSION['site2-username'] = $username;
Ali Rasheed
  • 2,765
  • 2
  • 18
  • 31
0

The better solution is found:

JS each 5 seconds sends to he server the username. Server checks if it's equal to Session. If not, the user is asked for authentification.

Sonya Seyrios
  • 83
  • 1
  • 9