Asked  7 Months ago    Answers:  5   Viewed   30 times

I want to set a different session ID depending on what folder a user is in.

For example, I have the domain https://example.com which has the folders /app1, /app2, etc. and then multiple files inside each app folder. I would like to set one session ID to be used with all files in app1 and a different session ID to be used in app2.

Can this be done?

 Answers

35

Set the path in the session cookie with session_set_cookie_params. Before session_start of course.

Wednesday, March 31, 2021
 
Stefan
answered 7 Months ago
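
One way to apply the answer above to the /app1 and /app2 folders from the question, as an added example that is not part of the original answer. The helper name start_app_session and the SESS cookie-name prefix are hypothetical; the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
// Added example; start_app_session() and the SESS prefix are hypothetical.
declare(strict_types=1);

function start_app_session(string $app): void
{
    // Allow-list the folder so cookie name and path never come from raw input.
    $allowed = ['app1', 'app2'];
    if (!in_array($app, $allowed, true)) {
        throw new InvalidArgumentException('unknown app');
    }

    // Reject session IDs the server did not issue.
    ini_set('session.use_strict_mode', '1');

    // A distinct cookie name per app keeps the two cookies from colliding.
    session_name('SESS' . strtoupper($app));

    // Must run before session_start().
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/' . $app . '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();

    // Both apps may share one session store, so bind each session to its
    // app and refuse an ID that was issued for the other folder.
    if (!isset($_SESSION['app'])) {
        session_regenerate_id(true);
        $_SESSION['app'] = $app;
    } elseif ($_SESSION['app'] !== $app) {
        $_SESSION = [];
        session_destroy();
        throw new RuntimeException('session belongs to another app');
    }
}

// At the top of every script under /app1/:
start_app_session('app1');
```

The cookie Path only controls which requests the browser attaches the cookie to; it does not isolate same-origin pages from each other, which is why the session is also bound to its app on the server side.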
98

I noticed on Firefox with Firebug that your pages are all cached. Your session is working fine, but your pages are cached, making login and logout quite (messed up).

Disable HTTP caching for your dynamic pages.

See Firebug output:

Response Headers

HTTP/1.1 304 Not Modified
Date: Thu, 14 Oct 2010 13:16:50 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Expires: Thu, 14 Oct 2010 16:16:50 GMT
Cache-Control: public, max-age=10800

Request Headers

GET / HTTP/1.1
Host: www.piataterenuri.info
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=55aea3f792334052dc673f85feb0b54a
If-Modified-Since: Wed, 13 Oct 2010 13:47:53 GMT
Cache-Control: max-age=0

The PHP manual already has an example of how to disable caching:

http://php.net/manual/en/function.header.php

<?php

header("Cache-Control: no-cache, must-revalidate"); 
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past

?>
Wednesday, March 31, 2021
 
AntoineB
answered 7 Months ago
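
The check this answer makes by eye on the Firebug output, written as an added example that is not part of the original answer. The function name cache_findings is hypothetical, the cookie value is constructed, and the response headers are copied from the dump above.

```php
<?php
// Added example: flag a response that caches may reuse even though the
// request carried a session cookie. cache_findings() is a hypothetical name.
declare(strict_types=1);

function cache_findings(array $request, array $response, string $cookieName = 'PHPSESSID'): array
{
    $findings = [];
    $req = array_change_key_case($request, CASE_LOWER);
    $res = array_change_key_case($response, CASE_LOWER);

    $hasSession = isset($req['cookie'])
        && preg_match('/(?:^|;\s*)' . preg_quote($cookieName, '/') . '=/', $req['cookie']) === 1;
    if (!$hasSession) {
        return $findings; // anonymous request: nothing session-specific to leak
    }

    // Split Cache-Control into lower-cased directive names.
    $directives = [];
    foreach (explode(',', $res['cache-control'] ?? '') as $part) {
        $name = strtolower(trim(explode('=', $part, 2)[0]));
        if ($name !== '') {
            $directives[$name] = true;
        }
    }

    if (isset($directives['public'])) {
        $findings[] = 'public: shared caches may store a session-specific page';
    }
    if (!isset($directives['no-store']) && !isset($directives['no-cache'])) {
        $findings[] = 'no no-store/no-cache: page may be reused without revalidation';
    }
    if (isset($res['expires']) && strtotime($res['expires']) > strtotime($res['date'] ?? 'now')) {
        $findings[] = 'Expires is in the future';
    }
    return $findings;
}

$request  = ['Cookie' => 'PHPSESSID=0123456789abcdef']; // constructed value
$response = [
    'Date'          => 'Thu, 14 Oct 2010 13:16:50 GMT',
    'Expires'       => 'Thu, 14 Oct 2010 16:16:50 GMT',
    'Cache-Control' => 'public, max-age=10800',
];
print_r(cache_findings($request, $response));
```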
67

Ok, I've thought about this for a while and I think I've got it.

First things first: since you are getting the same session id from both servers, we can rule out any cookie-related issues. Clearly, you are successfully creating a cookie named a_name (though I'd recommend only alphanumeric characters for that cookie name) on www.example.com, and successfully reading that a_name cookie on forum.example.com. But, like you said, you aren't getting any data from forum.example.com. The session.cookie_lifetime = 0 is not an issue: that just means that the session cookie remains until the browser is closed.

We should delve into PHP's session handling a bit further. The session id you are reading out with session_id() refers to a file on your server. Typically, that file is present in /tmp/sess_$session_id. The contents of that file are your $_SESSION array, serialized. (Keep in mind that the data is not serialized the same way that serialize() in PHP does... but that's not important right now.)

I think this is a file permission-related issue:

  1. /tmp/sess_$session_id file is set with www.example.com's user and group.
  2. forum.example.com attempts to open /tmp/sess_$session_id, but doesn't have the proper permissions.
  3. As a result, you get an empty result when trying to print_r($_SESSION);

Solution:
Check your server's configuration file to make sure that www.example.com and forum.example.com are running as THE SAME USER AND GROUP. That is critical! For Apache, find your *.conf file:

User youruser
Group yourgroup

For nginx, find nginx.conf:

user youruser yourgroup;

If changing the server config files is not an option, then you should make sure that the users running the two sites are in the same group.

You can verify that this is the problem by first loading www.example.com and then sudo ls -ltc sess_* in your server's shell, via SSH (find the sess_ ending in your $session_id). Next, load forum.example.com and then sudo ls -ltc sess_* again, to see the user and/or group change.

Wednesday, March 31, 2021
 
khaverim
answered 7 Months ago
55

The problem was that one section forced the URL to domain.com and the other forced it to www.domain.com.

Saturday, May 29, 2021
 
Slinky
answered 5 Months ago
32

I would like to thank everybody who participated in this question. The answer is the following: in reality, memcache (not memcached) as a session handler supports comma-separated servers as the session.save_path; moreover, it supports failover. The error mentioned above, Session start failed. Original message: session_start(): Server 10.0.10.111 (tcp 11211) failed with: Connection refused (111), had only the 8th (Notice) level. In fact, the engine just informs you that one of the servers is unavailable (which is logical, as otherwise how will you know?) and then successfully connects to the second server and uses it.

So all of the misunderstanding was caused by weak documentation, memcache/memcached confusion and the paranoid (E_ALL) settings of my custom error handler. In the meantime, the issue has been resolved by ignoring notices referring to the error Connection refused (111) in the session-establishing context.

Sunday, September 19, 2021
 
Ralph Shillington
answered 1 Month ago