I have been trying to use $_SESSION when a user successfully logs in to a website (e.g. abc.com), but I am not sure why, when I log in to another website (e.g. zzz.com) simultaneously, it captures zzz.com's details and shows them in abc.com.
Steps to reproduce:
1. Log in to abc.com
2. Upon successful login, in home.php, I echo the $_SESSION["number"]. It correctly shows the staff's number (e.g. E123).
Are you visiting zzz.com in the same browser or browser session? In that case the session details will simply be overwritten, if zzz.com uses the same session variable ($_SESSION['number']) as abc.com.
Someone please correct me if I'm wrong, but is this solvable by storing your sessions in a local database and pulling the information from there? I've never worked with this before, so can't elaborate on the exact workings.
It shouldn't make any difference Thyrosis. The session cookie should be domain specific. The browser should recognise the difference between abc.com and zzz.com and only send the cookies related to each domain.
To be honest, I don't think there is anything wrong with the code that I can see. I think there might be something else going on with the browser or the configuration.
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet Explorer has a bug and does not always send the submit value.
Not necessarily, there is one other potential cause non-related to cookies.
Are you sure you are using cookies for your sessions? Are you passing a querystring in any fashion that would allow the second domain (this is a domain right? Not a subdomain which is a completely different problem) which if hosted on the same server could read the same session file?
The only time websitea.com and websiteb.com can actually change data in each other's sessions is if they are on the same server AND phpsessid is passed through the querystring to the other server. You can try changing the save path locally by setting session_save_path to a new location prior to calling session_start.
There is one way where I can change all the session variables to different names, but it would be a problem if I have a lot of web applications.
Can anyone please kindly advise if there is any code where the session variables will not inter-link between different web applications even though they are on the same host and use the same session variable name?
The other alternative(s) which I would recommend over the session_name is changing the session's save path (do it in a global file used prior to anything else), and using a database instead. Both of these eliminate the possibility of conflict, assuming they are both configured differently.
Lately I've learned more about the sessions when using the save handler. It's definitely easier to use than my old manual db sessions and a lot less code overall, but I had to write the encoder and decoders for the serialized data since PHP doesn't really have a built-in way of doing it (and I don't pull from the session superglobal itself). So that did take a bit of work. If you don't need to split up the data, then that won't be necessary, just a blob type would do.
I have found one solution where I can use a unique session_name for the different sites on the same host.
That shouldn't really have affected it though in the first place. When you call session_start, it should generate its own random identifier and (assuming you're using the default cookies to store it) should only be used on a per-domain basis.
I still think there is something else here that is playing up.
I still think there is something else here that is playing up.
Yep, there sure is. If it's actually going across domains, the only way to pass the sid is via the querystring. So if you check the HTML links you may find that the sid is being passed across domains, which should be fixed immediately.
Given the one post here though, I question if we are actually looking at separate domains. There is indication that it's simply under /abc/ and /zzz/, in which case session cookies can be modified to only adhere to the directory level in which they were set. That can be done via an ini set as well with the session.cookie_path and changing it to /specificdir prior to calling session_start(). That should work.
There is indication that it's simply under /abc/ and /zzz/
You know something Fou, I think you may well be right. Thinking about it, many registrars offer domain forwarding via frames so you can point it straight at a url instead of tinkering with DNS which many folks don't understand how to use. That would certainly explain the same sessions being used with two different domains using the same domain as the main host.
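Added example, not written by any poster in the thread: one way to combine the isolation measures suggested above (a unique session_name, a separate save path, and session.cookie_path scoped to the application directory) while keeping the session id out of the query string. The helper name, application name and directories are assumptions, and the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the thread): give each application on a
 * shared host its own session cookie name, cookie path and save directory.
 * Must run before any output and before session_start().
 */
function start_isolated_session(string $appName, string $cookiePath, string $saveRoot): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('Session already started; isolation settings would be ignored.');
    }
    // session_name() accepts only alphanumerics and needs at least one letter.
    if (!preg_match('/^(?=.*[A-Za-z])[A-Za-z0-9]+$/', $appName)) {
        throw new InvalidArgumentException('Application name must be alphanumeric with a letter.');
    }

    // Separate save directory per application, so /abc/ and /zzz/ never share session files.
    $dir = rtrim($saveRoot, '/') . '/' . $appName;
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }
    session_save_path($dir);

    // Carry the session id in a cookie only, never in the query string.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1');

    // Distinct cookie name, scoped to this application's directory.
    session_name($appName . 'SESSID');
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => $cookiePath,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();
}

// Constructed usage for the application under /abc/ (paths are placeholders):
start_isolated_session('abc', '/abc/', '/var/lib/php/sessions-apps');
$_SESSION['number'] = 'E123';
```

The application under /zzz/ would call the same helper with its own name and path, so the browser holds two differently named cookies and the server keeps two separate session stores.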