On 20/04/06, Ben Liu <[EMAIL PROTECTED]> wrote: > Hello All, > > I'm using a single development server to host multiple client > projects, many of which require session management. I've noticed that > sometimes when I test these various web apps (which are simply in > separate sub directories) I get session leakage where logging in and > establishing a session on one app allows me access to (automatically > logs me in) to other app(s) on the same server. Or sometimes a session > variable will be set across all the apps, like $_SESSION['username']. > > Is this due to the fact that sessions are established between client > browsers and servers, regardless of directory/sub directory?
Yes - that's the default behaviour, although if you set session.cookie_path separately for each app, they shouldn't share session cookies. You might also want to look at session.save_path which will allow each app to save their session files in a different location. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
