How do I handle multiple PHP sessions with one user on a single server?
I have few Facebook Apps hosted on a single domain on m开发者_高级运维y server. It is possible that the same user may access two or more of my apps in a single session. How do I make sure that some data from one app doesn't end up in another app? Since the user may simply navigate away from the app, so logging out is not an option.
If you use a different session_name()
for each app, the sessions are effectively inert from one another.
// Application 1
session_name("APP1");
session_start();
// Application 2
session_name("APP2");
session_start();
The solution I can think of would be including the application that the person is using in the session data, and if you see the wrong session in the user's session data, you destroy the session.
Just a thought: maybe you'd want to set up a subdomain for each one of your apps. That way the cookies and sessions are completely separate automatically, rather than relying on a function (which may be slow, as one person indicated in the session_name()
manual comments.)
In addition, I believe separate subdomains keep you safer from exploits because of the same origin policy. (Right?)
You can make something like session sections by using different keys for every application. You just need to be sure to have the keys unique. Everytime you save some data into session save it in the proper section e.g.:
//save the ids into db or configuration file after it's generated
$app1id = uniqid('fbApp');
$app2id = uniqid('fbApp');
//Save data for application 1
$_SESSION[$app1id] = array('app' => 'data');
//Save data for application 2
$_SESSION[$app2id] = array('app' => 'data');
精彩评论