Avoid sharing PHP session

Question

I have a rare situation with PHP sessions. I have a web server running Apache2 (Linux Debian 10).

I developed a mini CRM using PHP and MySQL. My miniCRM is hosted in the same server but in two different directories, example: 192.168.0.233/app/1/login.php and 192.168.0.233/app/2/login.php.

I noticed that if I do login via 192.168.0.233/app/1 the session is also shown on 192.168.0.233/app/2.

I would like somebody help me to avoid this. I don't want the session created on app/1 be able in app/2. I would like to keep them separated.

In the mini CRM, the script login.php starts the session with these code:

    @$_SESSION["logged_user"] = "$post_username";

Note: The linux debian is running in VirtualBox.

Possible duplicate of [Same domain, different folder PHP session](https://stackoverflow.com/questions/5479626/same-domain-different-folder-php-session) — catcon, Oct 24 '19 at 05:01

score 0 · Answer 1 · answered Oct 24 '19 at 07:55

Right now at 3:44 AM I have found the solution.

This is what I did.

Inside app/1 I created a folder called tmp with 777 permissions

$ cd app/1

$mkdir tmp

$ chmod -R 777 tmp

Inside app/2 I created a folder called tmp with 777 permissions

$ cd app/2

$mkdir tmp

$ chmod -R 777 tmp

Inside app/1 I have created a .htaccess with this line:

php_value session.save_path "/var/www/html/app/1/tmp"

Inside app/2 I have created a .htaccess with this line:

php_value session.save_path "/var/www/html/app/2/tmp"

Done!

Now the session name is the same "logged_user" but they do not mix-up.

How each app/1 and app/2 are running the same mini CRM but each app/1 and app/2 save the PHP session inside their own tmp folder.

Take care, I am going to bed now :D

Avoid sharing PHP session

1 Answers1