0

I have developed a small administration page for game servers where you can add/remove/edit settings online.

Everything works fine, but I have a problem with sessions. If the login is successful, the session ID is created:

$_SESSION['adm_login'] = "okay";

If I visit another page on the same platform (on the same web server), the session is automatically created. This happens only if I log in successfully to my web page.

I think this problem happens because everything is on the same web server, because the session IDs are the same.

What should I do? Do I need to create a table in the database where I store session IDs or...?

Can anyone give me an example, or a tutorial for PHP sessions?

Thank you!

Farhan Ahmad
Reteras Remus
  • So is the session recreated on every page? I'm not understanding what you mean. – Farhan Ahmad Jun 12 '12 at 12:23
  • No, you don't understand. This 'platform' is used by 6 people. They have their own folders and different accounts, but everything is on the same web server. They don't have anything in common; they don't know each other. If I log in to my web page, the session is created. If I visit their pages, the pages tell me that I'm also logged in on their pages, because the sessions are the same, because the session ID is granted by the web server (everything works on the same web server). This is why I want to find a way to grant a UNIQUE session ID for each user. – Reteras Remus Jun 12 '12 at 13:28
  • @Reteras Remus: How do the users log in to their pages? Do you have a database with created users? If so (or not), why don't you create a unique session ID using their unique code in the database? – void Jun 12 '12 at 13:45
  • A unique session ID 'should' be created automatically when another user logs in. – Farhan Ahmad Jun 12 '12 at 13:57
  • @Farhan Ahmad - but how? Currently I use: $_SESSION['adm_login'] = "okay"; It's created if the user and the password match those from the database. – Reteras Remus Jun 12 '12 at 14:45

2 Answers

3

Use settings such as session.cookie_path or session.cookie_domain so that the session cookie is only valid for the path or domain you want it to be.

For instance, if you have one folder for each "project", you would set session.cookie_path to the current project folder. This will ensure the browser only sends the session cookie for that project, and not for other ones. A new session will be generated for each project the user visits.

Niet the Dark Absol
1

Check out the session_regenerate_id() function. It will update the current session id with a newly generated one.

Create Unique SessionId:

session_start();
session_regenerate_id();
$_SESSION['adm_login'] = "okay";

Destroy Unique SessionId:

session_unset();
session_destroy();
$_SESSION = array();

The reason for writing session_unset and session_destroy is that when you create any session, a cookie gets created at the server and at the client browser, and when you destroy the session from the server, the cookie created at the client browser needs to be cleared as well.

Farhan Ahmad
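The two answers combined, as an added example that is not code from the thread: the session cookie gets its own name and is scoped to one project folder, and the ID is regenerated at login. APP_PATH, APP_NAME, the helper function names and the HTTPS-only `secure` flag are assumptions; the array forms of session_set_cookie_params() and setcookie() need PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Assumed values for illustration; use the real folder and a name unique to this project.
const APP_PATH = '/remus-admin/';   // hypothetical folder this admin page lives in
const APP_NAME = 'REMUSADMIN';      // hypothetical cookie name, replaces the shared PHPSESSID

// Call at the top of every page, before any output.
function start_app_session(): void
{
    session_name(APP_NAME);
    session_set_cookie_params([
        'lifetime' => 0,            // cookie ends with the browser session
        'path'     => APP_PATH,     // browser sends it only for URLs under this folder
        'secure'   => true,         // assumes the site is served over HTTPS
        'httponly' => true,         // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call only after the user name and password matched the database.
function log_in(int $userId): void
{
    session_regenerate_id(true);    // fresh ID at login, old session data deleted
    $_SESSION['app']     = APP_NAME; // mark which application created this login
    $_SESSION['user_id'] = $userId;
}

// A login counts only if this application created it.
function is_logged_in(): bool
{
    return isset($_SESSION['app'], $_SESSION['user_id'])
        && hash_equals(APP_NAME, (string) $_SESSION['app']);
}

function log_out(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the browser cookie using the same scope it was set with.
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```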