Another Session Question - Overlaps?

Re: Another Session Question - Overlaps?

Xizor wrote:[color=blue]
> Let's say I run a server. I have two people using the server. Bill and Joe.
> Bill is at address.com/bill and Joe is at address.com/joe.
>
> Let's say Joe and Bill are both using PHP with sessions on their web pages.
> Let's say they both create the session variable $_SESSION['yo']. Each uses
> yo for a different purpose.
>
> Now we have a user accessing address.com. He goes to Bill's site and his
> session his started with the $_SESSION['yo'] created.
>
> But then the user sees Joe's site, and he goes to it without closing his
> browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
> wait, it has bad data from Bill's site. Oh no! The world explodes and all is
> lost.
>
> Question: What is the best way to stop this unintentional overlapping of
> session variables? Is there a way of maintaining separate sets of session
> data?
>
> Thank you again, I know I have a lot of questions.
>
>[/color]
Is this a hypothetical question? I don't see why this would actually
happen. The Session ID--which tells PHP which temp session file to
open--is either a) part of the URL or b) stored as a cookie on the
client's machine. The session_start() function should figure out which
file to open and as such, have the correct instance of _SESSION.

Again, this is what I perceive to be the intended behavior, but if
you've experienced something contradictory, then the above paragraph is
of absolutely no consequence to you, and I apologize for wasting your
time :)

Re: Another Session Question - Overlaps?


"Joshua Ghiloni" <jdg11@SPAM.ME. AND.DIE.cwru.ed u> wrote in message
news:bf2jc3$21u $1@eeyore.INS.c wru.edu...[color=blue]
> Xizor wrote:[color=green]
> > Let's say I run a server. I have two people using the server. Bill and[/color][/color]
Joe.[color=blue][color=green]
> > Bill is at address.com/bill and Joe is at address.com/joe.
> >
> > Let's say Joe and Bill are both using PHP with sessions on their web[/color][/color]
pages.[color=blue][color=green]
> > Let's say they both create the session variable $_SESSION['yo']. Each[/color][/color]
uses[color=blue][color=green]
> > yo for a different purpose.
> >
> > Now we have a user accessing address.com. He goes to Bill's site and his
> > session his started with the $_SESSION['yo'] created.
> >
> > But then the user sees Joe's site, and he goes to it without closing his
> > browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
> > wait, it has bad data from Bill's site. Oh no! The world explodes and[/color][/color]
all is[color=blue][color=green]
> > lost.
> >
> > Question: What is the best way to stop this unintentional overlapping of
> > session variables? Is there a way of maintaining separate sets of[/color][/color]
session[color=blue][color=green]
> > data?
> >
> > Thank you again, I know I have a lot of questions.
> >
> >[/color]
> Is this a hypothetical question? I don't see why this would actually
> happen. The Session ID--which tells PHP which temp session file to
> open--is either a) part of the URL or b) stored as a cookie on the
> client's machine. The session_start() function should figure out which
> file to open and as such, have the correct instance of _SESSION.
>[/color]

I don't think it is hypothetical. It would happen as far as I can tell. If a
user opens his browser and goes to Bill's site then that same user goes to
Joe's site, since both are running off the same domain, well then
session_start() will invoke the same cookie, hence the same session ID,
hence the same temp file, both from Bill's web site and Joe's.

Re: Another Session Question - Overlaps?

Your understanding of PHP sessions is incomplete. Using your example
'yo' is simply a variable within the current session, but each time a
user accesses your site with his browser a new session is created with
a unique session id. This means that multiple users can access your
site and have a value for the 'yo' variable, but as each user has a
different session he also has a different copy of those session
variables.

If you look in the directory where you have directed PHP to store its
session files you will see a different file for each session where the
filename is the same as the session id.

Hope this helps.

Tony Marston



"Xizor" <nope@nope.co m> wrote in message news:<uL2Ra.736 33$Ph3.7579@scc rnsc04>...[color=blue]
> Let's say I run a server. I have two people using the server. Bill and Joe.
> Bill is at address.com/bill and Joe is at address.com/joe.
>
> Let's say Joe and Bill are both using PHP with sessions on their web pages.
> Let's say they both create the session variable $_SESSION['yo']. Each uses
> yo for a different purpose.
>
> Now we have a user accessing address.com. He goes to Bill's site and his
> session his started with the $_SESSION['yo'] created.
>
> But then the user sees Joe's site, and he goes to it without closing his
> browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
> wait, it has bad data from Bill's site. Oh no! The world explodes and all is
> lost.
>
> Question: What is the best way to stop this unintentional overlapping of
> session variables? Is there a way of maintaining separate sets of session
> data?
>
> Thank you again, I know I have a lot of questions.[/color]

Re: Another Session Question - Overlaps?

Xizor wrote:[color=blue]
> Question: What is the best way to stop this unintentional overlapping
> of session variables? Is there a way of maintaining separate sets of
> session data?[/color]

Hmm...

Maybe you could try setting session cookie path with
session_set_coo kie_params()?

So your session var would be valid only in directory you want...

--
--- --- --- --- --- --- ---
jack@croatiabiz .com

Re: Another Session Question - Overlaps?

What would happen should the user be visiting Bill's pages and then directly
type the URL or clicked a bookmark which took them to Joe's site which was
using cookies?

Surely because the browser has remained open throughout the visit from
Bill's site to Joe's site then the Session ID would remain the same and all
variables associated with Bill's site would be passed to Joe and vice versa.

I am not expert but that is the way I perceive the Session system to work
under PHP.

HTH,

Paul Woodward
===
"Tony Marston" <tony@marston-home.demon.co.u k> wrote in message
news:7588a50f.0 307152351.7844d 881@posting.goo gle.com...[color=blue]
> Your understanding of PHP sessions is incomplete. Using your example
> 'yo' is simply a variable within the current session, but each time a
> user accesses your site with his browser a new session is created with
> a unique session id. This means that multiple users can access your
> site and have a value for the 'yo' variable, but as each user has a
> different session he also has a different copy of those session
> variables.
>
> If you look in the directory where you have directed PHP to store its
> session files you will see a different file for each session where the
> filename is the same as the session id.
>
> Hope this helps.
>
> Tony Marston
> http://www.tonymarston.net/
>
>
> "Xizor" <nope@nope.co m> wrote in message[/color]
news:<uL2Ra.736 33$Ph3.7579@scc rnsc04>...[color=blue][color=green]
> > Let's say I run a server. I have two people using the server. Bill and[/color][/color]
Joe.[color=blue][color=green]
> > Bill is at address.com/bill and Joe is at address.com/joe.
> >
> > Let's say Joe and Bill are both using PHP with sessions on their web[/color][/color]
pages.[color=blue][color=green]
> > Let's say they both create the session variable $_SESSION['yo']. Each[/color][/color]
uses[color=blue][color=green]
> > yo for a different purpose.
> >
> > Now we have a user accessing address.com. He goes to Bill's site and his
> > session his started with the $_SESSION['yo'] created.
> >
> > But then the user sees Joe's site, and he goes to it without closing his
> > browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
> > wait, it has bad data from Bill's site. Oh no! The world explodes and[/color][/color]
all is[color=blue][color=green]
> > lost.
> >
> > Question: What is the best way to stop this unintentional overlapping of
> > session variables? Is there a way of maintaining separate sets of[/color][/color]
session[color=blue][color=green]
> > data?
> >
> > Thank you again, I know I have a lot of questions.[/color][/color]

Re: Another Session Question - Overlaps?

Xizor wrote:[color=blue]
> "Joshua Ghiloni" <jdg11@SPAM.ME. AND.DIE.cwru.ed u> wrote in message
> news:bf2jc3$21u $1@eeyore.INS.c wru.edu...
>[color=green]
>>Xizor wrote:
>>[color=darkred]
>>>Let's say I run a server. I have two people using the server. Bill and[/color][/color]
>
> Joe.
>[color=green][color=darkred]
>>>Bill is at address.com/bill and Joe is at address.com/joe.
>>>
>>>Let's say Joe and Bill are both using PHP with sessions on their web[/color][/color]
>
> pages.
>[color=green][color=darkred]
>>>Let's say they both create the session variable $_SESSION['yo']. Each[/color][/color]
>
> uses
>[color=green][color=darkred]
>>>yo for a different purpose.
>>>
>>>Now we have a user accessing address.com. He goes to Bill's site and his
>>>session his started with the $_SESSION['yo'] created.
>>>
>>>But then the user sees Joe's site, and he goes to it without closing his
>>>browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
>>>wait, it has bad data from Bill's site. Oh no! The world explodes and[/color][/color]
>
> all is
>[color=green][color=darkred]
>>>lost.
>>>
>>>Question: What is the best way to stop this unintentional overlapping of
>>>session variables? Is there a way of maintaining separate sets of[/color][/color]
>
> session
>[color=green][color=darkred]
>>>data?
>>>
>>>Thank you again, I know I have a lot of questions.
>>>
>>>[/color]
>>
>>Is this a hypothetical question? I don't see why this would actually
>>happen. The Session ID--which tells PHP which temp session file to
>>open--is either a) part of the URL or b) stored as a cookie on the
>>client's machine. The session_start() function should figure out which
>>file to open and as such, have the correct instance of _SESSION.
>>[/color]
>
>
> I don't think it is hypothetical. It would happen as far as I can tell. If a
> user opens his browser and goes to Bill's site then that same user goes to
> Joe's site, since both are running off the same domain, well then
> session_start() will invoke the same cookie, hence the same session ID,
> hence the same temp file, both from Bill's web site and Joe's.
>
>[/color]

Then my best suggestion would be to come up with more original session
variables ;) Since they're just keys of an array, and a key can be a
string, why not make the variable $_SESSION["joe_yo"] and
$_SESSION["bill_yo"] instead of $_SESSION["yo"]. Using global variables
like this--multiple global variables with the same name in different
programs--is always an issue.

Re: Another Session Question - Overlaps?

Hi,

you can do that:

in Bill'site:
session_name("B ILL");
session_start() ;

in Joe's site:
session_name("J OE");
session_start() ;

so even with the same user/browser you will use a different set of session
data for each site

brgds


"Xizor" <nope@nope.co m> wrote in message
news:uL2Ra.7363 3$Ph3.7579@sccr nsc04...[color=blue]
> Let's say I run a server. I have two people using the server. Bill and[/color]
Joe.[color=blue]
> Bill is at address.com/bill and Joe is at address.com/joe.
>
> Let's say Joe and Bill are both using PHP with sessions on their web[/color]
pages.[color=blue]
> Let's say they both create the session variable $_SESSION['yo']. Each uses
> yo for a different purpose.
>
> Now we have a user accessing address.com. He goes to Bill's site and his
> session his started with the $_SESSION['yo'] created.
>
> But then the user sees Joe's site, and he goes to it without closing his
> browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
> wait, it has bad data from Bill's site. Oh no! The world explodes and all[/color]
is[color=blue]
> lost.
>
> Question: What is the best way to stop this unintentional overlapping of
> session variables? Is there a way of maintaining separate sets of session
> data?
>
> Thank you again, I know I have a lot of questions.
>
>[/color]

Re: Another Session Question - Overlaps?

I'll try this. Thanks.

"Rod" <toto@toto.co m> wrote in message news:bf3igh$sic $1@home.itg.ti. com...[color=blue]
> Hi,
>
> you can do that:
>
> in Bill'site:
> session_name("B ILL");
> session_start() ;
>
> in Joe's site:
> session_name("J OE");
> session_start() ;
>
> so even with the same user/browser you will use a different set of session
> data for each site
>
> brgds
>
>
> "Xizor" <nope@nope.co m> wrote in message
> news:uL2Ra.7363 3$Ph3.7579@sccr nsc04...[color=green]
> > Let's say I run a server. I have two people using the server. Bill and[/color]
> Joe.[color=green]
> > Bill is at address.com/bill and Joe is at address.com/joe.
> >
> > Let's say Joe and Bill are both using PHP with sessions on their web[/color]
> pages.[color=green]
> > Let's say they both create the session variable $_SESSION['yo']. Each[/color][/color]
uses[color=blue][color=green]
> > yo for a different purpose.
> >
> > Now we have a user accessing address.com. He goes to Bill's site and his
> > session his started with the $_SESSION['yo'] created.
> >
> > But then the user sees Joe's site, and he goes to it without closing his
> > browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
> > wait, it has bad data from Bill's site. Oh no! The world explodes and[/color][/color]
all[color=blue]
> is[color=green]
> > lost.
> >
> > Question: What is the best way to stop this unintentional overlapping of
> > session variables? Is there a way of maintaining separate sets of[/color][/color]
session[color=blue][color=green]
> > data?
> >
> > Thank you again, I know I have a lot of questions.
> >
> >[/color]
>
>[/color]

Re: Another Session Question - Overlaps?

"Paul Woodward" <noreply@newsgr oups.com> wrote in message news:<3f154388$ 0$15038$cc9e4d1 f@news.dial.pip ex.com>...[color=blue]
> What would happen should the user be visiting Bill's pages and then directly
> type the URL or clicked a bookmark which took them to Joe's site which was
> using cookies?
>
> Surely because the browser has remained open throughout the visit from
> Bill's site to Joe's site then the Session ID would remain the same and all
> variables associated with Bill's site would be passed to Joe and vice versa.[/color]

The PHP session id is stored in a cookie, and as cookies are limited
to a particular site there will be a different cookie, therefore a
different session, for each site you visit.

Apart from this the session contents are maintained on the server, not
the client, so any session data that is saved on Bill's site is not
available on Joe's server, and vice versa. The session data for Bill's
site is therefore totally separate from the session data on Joe's
site.

Tony Marston

[color=blue]
> I am not expert but that is the way I perceive the Session system to work
> under PHP.
>
> HTH,
>
> Paul Woodward
> ===
> "Tony Marston" <tony@marston-home.demon.co.u k> wrote in message
> news:7588a50f.0 307152351.7844d 881@posting.goo gle.com...[color=green]
> > Your understanding of PHP sessions is incomplete. Using your example
> > 'yo' is simply a variable within the current session, but each time a
> > user accesses your site with his browser a new session is created with
> > a unique session id. This means that multiple users can access your
> > site and have a value for the 'yo' variable, but as each user has a
> > different session he also has a different copy of those session
> > variables.
> >
> > If you look in the directory where you have directed PHP to store its
> > session files you will see a different file for each session where the
> > filename is the same as the session id.
> >
> > Hope this helps.
> >
> > Tony Marston
> > http://www.tonymarston.net/
> >
> >
> > "Xizor" <nope@nope.co m> wrote in message[/color]
> news:<uL2Ra.736 33$Ph3.7579@scc rnsc04>...[color=green][color=darkred]
> > > Let's say I run a server. I have two people using the server. Bill and[/color][/color]
> Joe.[color=green][color=darkred]
> > > Bill is at address.com/bill and Joe is at address.com/joe.
> > >
> > > Let's say Joe and Bill are both using PHP with sessions on their web[/color][/color]
> pages.[color=green][color=darkred]
> > > Let's say they both create the session variable $_SESSION['yo']. Each[/color][/color]
> uses[color=green][color=darkred]
> > > yo for a different purpose.
> > >
> > > Now we have a user accessing address.com. He goes to Bill's site and his
> > > session his started with the $_SESSION['yo'] created.
> > >
> > > But then the user sees Joe's site, and he goes to it without closing his
> > > browser. Joe's script sees that $_SESSION['yo'] exists and uses it. But
> > > wait, it has bad data from Bill's site. Oh no! The world explodes and[/color][/color]
> all is[color=green][color=darkred]
> > > lost.
> > >
> > > Question: What is the best way to stop this unintentional overlapping of
> > > session variables? Is there a way of maintaining separate sets of[/color][/color]
> session[color=green][color=darkred]
> > > data?
> > >
> > > Thank you again, I know I have a lot of questions.[/color][/color][/color]