two session overwriting in subdirectories - php

I have a website and a CMS panel located in sub-directory in the website. In the CMS panel I have session variables in which I write the username, level access etc.
The problem is that in the website I need to have user registration and login. When I try to log in the website, the two sessions are ovewritting each other and the end result is that the website session doesn't change(the user can't log in) and the CMS session receives the variables from the website session.
I searched the problem and saw someone suggesting that the two session should be named and therefore separated. I have session name on the website's session, but when I tried to name the second one I got server error.
The other thing that I saw was that the website's session is new with every page refresh, and this doesn't happen in the other one.
I don't have session_destroy or session_unset(regarding the session refresh problem).
What can be the problem and how to fix it?
EDIT
Maybe "ovewritting" is not the correct word. When I try to log in from the website nothing happens. When I try to log in the CMS I have the CMS session array AND the website's session array. I want them to be separated.

Related

Maintaining session on my Codeigniter project

I am having two domain urls for my online store:
example1.com for admin,
and example2.com for front end.
My CI project on both the URLs access the same database.
So, the problem now is when I stay in the admin side, everything works fine. But if I visit the front end site once and then come back to admin url and reload, then my session is destroyed and I have to login again.
If any one can explain me why the session is being destroyed.
So, I want a solution here to access the same database in different urls in codeigniter with out destroying the session.
In the CI application config file, make 'sess_use_database' to true, so that session will store in database, which makes session intact on different domains.

How to destroy user session from server

I have a blogging website in which users can post their ideas.
A user is posting some offensive things.
I have already deactivated that user from admin but the problem is that I am still getting their posts.
After deeply analysing things and my current code I am pretty sure that the ban will take effect when user logs out from their current session.
So my question is how can I destroy session of that particular user without affecting other users.
I am using Php in backend.
You can use in session_destroy() function, or destory only one session..
Example:
unset($_SESSION['whatever']);

Session Management for different folders

I am working on an application which contains two different portals (admin and members).
http://localhost/app/ is used for the members login and http://localhost/app/admin is used for admin's login.
When I log in into members and admins portal both works fine but if I logout from one portal another portal logged out automatically.
I checked that the session file created in /tmp/ directory stores the sessions information for both the portals in a single file which causes the above problem. The work around I think is to save the session information of both portals in different directories. I searched a lot for this but didn't get any resolution :(
Please help. Thanks in advance!
You can destroy session elements individually instead of just calling session_destroy();.
For example, use $_SESSION['logged_a'] for the admin and $_SESSION['logged_u'] for the user.
And then, depending on where you logout from, do unset($_SESSION['logged_a']) or unset($_SESSION['logged_u'])
I hope this helps! Good luck!
PHP sessions work on a per domain basis as they use cookies. If you want to have separate login systems for each directory your application will have to deal with that. A working approach would be to store the session id in a database along with a reference to which portals the session is logged in to. When a user logs out of one portal, rather than destroying the session, delete the record showing that the session is logged into that portal.

PHP Sessions not transferring after forms and redirects

I have secured pages that all check for a set session variable to determine logged in users, pretty standard stuff. Where I run into problems is when I submit form information to a backend page that will process that data and then redirect to a success/failure confirmation page. In that time the session gets lost, at least the session with the variable. The session is still around because I can manually navigate to a secured page after and it works. Just auto redirects from a backend page to a secured page or a link on one of the unsecured pages after a redirect from the backend will fail. It may or may not be related, but after visiting multiple secured pages or doing one of the operations that use the problematic backend pages, there are two session cookies on my computer from the domain-- one registered to domain.com and the other to www.domain.com. At the end of my wits about this, thanks.
I see two problems here, but they're related.
The first is that you seem to be bouncing between secured (https://) and un-secured (http://) pages. Cookies aren't supposed to be shared between those, so that's why your session appears to break (PHP sets a cookie with the session ID).
The other is closely related and that is sharing between domain.com and www.domain.com. Cookies can share in one direction, but not the other. Don't worry about which: just pick one hostname and stick with it. Then check that you're setting the session's cookie domain to the correct one.
You must call session_start() from your PHP page before you output anything, preferably at the start of the page.
If the session has been already created, it will resume it for that page.
http://php.net/manual/en/function.session-start.php

Writing in two sessions from the same file (PHP)

I want to make it possible for the administrator to log in as a fontend user from the backend. Right now I'm using two sessions (sessions with different names), one for the admin and one for the frontend.
Is it possible to write in the first session, close it and then open a new session?
This is a simplified version of what I attempted but failed:
session_name('admin_session');
session_start();
// use first session without generatring any output
session_close();
session_name('frontend_session');
session_start();
// use the second session
Thanks.
I have provided the facility for an administrator to switch to a "user" in the past.
I did this by serializing the admin user's $_SESSION and then storing that string as $_SESSION['adminData'] before overwriting all the other session vars with those of the user he was logging in as, and redirecting to the main page. The only different feature on the main page was an if test against $_SESSION['adminData'] that provided a "revert to admin" link... but to all intents and purposes, the administrator was now logged in as that user.
On clicking the "revert to admin" link, the code logic simply unserialized $_SESSION['adminData'].

Categories