Posted by Richard Lynch on 01/19/05 19:22

Marek Kilimajer wrote:
> Jason Barnett wrote:
>> Valter Toffolo wrote:
>>
>>> ok i have one server with a single domain, each user have it's home
>>> with a public_html so i get mydomain.com/~user1/ and
>>> mydomain.com/~user2/ and so on. but each user might like to use
>>> sessions so how can i make it work so that sessions would have each
>>> one it's own variables and all...??
>>>
>>> thanks, valter.
>>
>>
>> What is the problem? If you have session support set in PHP then each
>> user should be able to session_start etc. The default session handler
>> that comes with PHP will allow each user to have their own session
>> variables (technically they're indices in the $_SESSION superglobal
>> array).
>>
>> Please check the PHP manual to see how to set up session support if
>> that's what you're confused about.
>>
>
> The problem is with cookies being common for all user directories.

You'll have to be more specific than this.

Are you worried about:
1) Cookie filename collision, so two users criss-cross cookies?
2) Cookie security, so user1 can read user2's cookie files
3) Malicous user2 filling up everybody's /tmp dir with zillion cookie files

#1 is a non-problem, almost for sure. I don't think the OS+PHP will
*ever* let your cookie files share a common name

#2 separating them into different directories is not a whole lot of
help... If I know his cookie files are in ~/user2 and follow the same
naming conventions as the ones in my ~/user1 directory, I can still read
them.

#3 also separting the cookies is no help -- A full drive is a full drive.
Unless you are doing a low-level partition separate for each user.

> Each user should use session_set_cookie_params() to set the cookie path
> to its own directory. And use of session_regenerate_id() is a must, else
> user1 can set the cookie path to /~user2/ with lifetime till 2038 and...

And what?

Until we know what it is you think you're trying to "solve" we can't
advise you.

So far, all we've got is a stated desire to segregate cookie files for no
apparent reason.

I'm sure it's perfectly clear to you why you want this, but nobody else is
getting it.

--
Like Music?
http://l-i-e.com/artists.htm

• Next in thread: Re: [PHP] Re: multiple sessions on same server/domain
• Prev in thread: Re: [PHP] Re: multiple sessions on same server/domain
• Next in forum: Re: [PHP] Windows CLI and task scheduler
• Prev in forum: too slow to unset big array (after mem fragment)
• Thread view: Sessions

[Reply to this message]