How can I manage separate session states for two different websites on the same hosting using php

Question

I am currently developing two web sites, and debugging them by connecting to localhost.

The first site is referenced with http://localhost/web1 and the second is referenced with http://localhost/web2.

I have created a login script for each in which three domain-specific session variables are set, e.g.:

1. $_SESSION['web1_user']
2. $_SESSION['web1_login']
3. $_SESSION['web1_sessionID']

However, when I log in to both sites on the same browser, then log out of one site (which fires session_destroy(), I am automatically logged out of the second site as well.

Any ideas as to how I might resolve this problem would be very much appreciated. :(

Answer 1

Ahhh, the pleasures of shared hosting! The best thing to do is simply use a different browser for each site whenever you actually require being logged in to both sites simultaneously...

To explain why this is important, you must understand the following, however:

Session variables are stored on the server, with a keyed reference on the server and a cookie on your browser. Once you unset and destroy either of the two, a match can no longer be made - and your session is gone!

session_start();
session_unset();
session_destroy(); 

The above will kill all session variables linking the server to your browser (on the server side).

The way to manage this easily is to make session variables into another set of arrays:

$_SESSION["site1"] = array( $user_id, $session_id );
$_SESSION["site2"] = array( $user_id, $session_id );

You could of course make it fancy:

$_SESSION['site3']['userID']    = 'someuserid';
$_SESSION['site3']['sessionid'] = 'somesessionid';

Then when you logout from site 1

session_start();
unset($_SESSION['site1']);

In this case, you have created a separate session management system for each site (using a two-dimensional array, the top layer of which is keyed by your site's identifier). This makes it so that each site manages a separate set of session variables - and when you destroy one, you do not touch the others.

However, I realllllllllly recommend using different browsers instead (or in addition)...

Answer 2

I recently solved a problem which is related to your question. Originally, I was looking for an implementation similar to what you are describing, and after doing quite a bit of searching around - this is what I came up with:

Site 1 :

ini_set("session.cookie_domain", "yourdomainname");
$some_name = session_name("some_name");
$domain = 'your domain name';
session_set_cookie_params(0, "/", $domain);
session_start();
$_SESSION['user']=$_POST['user'];
$_SESSION['password']=$_POST['password'];

Site 2 :

$some_name = session_name("some_name");
ini_set('session.cookie_domain', 'yourdomainname');
session_start();
echo $_SESSION['user'];
echo $_SESSION['password'];

This change worked well for me - and my guess is that it will also help you.

Answer 3

Use

session_name('web1');

before session_start();