Sessions under localhost

OK, I've been having this problem for quite some time but never until
now I really needed a solution. I have never thought of a work around,
so I really need your help. Sorry if this has been mentioned already.
You can point me to the post and I'll gladly read. I googled this a
lot but, first, most people have tutorials for sharing sessions in
subdomains, and, second, I have no clue what keywords to use.

I am currently developing two web sites in my localhost. The first one
is http://localhost/pageone and the other http://localhost/pagetwo. I
have a login script for each. The login script can either be session
based (for temporary logins) or cookie based (for long term logins).

When I login in one site, I create two session variables named user
and key which store a user name and a random 128 characters string.
The key is stored in the database and changes upon each login (a
little security). After successfully logging in in pageone using
sessions, I noticed that in pagetwo I am also logged in. So I added a
session variable "domain" which I check on both pages to see if the
session information is for the right page. Although this works, I
found that now I can only be logged in in one page at a time. I am
assuming that sessions are shared.

Cookies can be set using the domain to avoid this. Is there anything
similar with sessions? Is there a work around? I'm also assuming that
this will not be the case if I buy a hosting and create different
domains for each web page. Is this true?

Thank you in advance.
Panagiotis.

pek escribió:
> OK, I've been having this problem for quite some time but never until
> now I really needed a solution. I have never thought of a work around,
> so I really need your help. Sorry if this has been mentioned already.
> You can point me to the post and I'll gladly read. I googled this a
> lot but, first, most people have tutorials for sharing sessions in
> subdomains, and, second, I have no clue what keywords to use.
>
> I am currently developing two web sites in my localhost. The first one
> is http://localhost/pageone and the other http://localhost/pagetwo. I
> have a login script for each. The login script can either be session
> based (for temporary logins) or cookie based (for long term logins).
>
> When I login in one site, I create two session variables named user
> and key which store a user name and a random 128 characters string.
> The key is stored in the database and changes upon each login (a
> little security). After successfully logging in in pageone using
> sessions, I noticed that in pagetwo I am also logged in. So I added a
> session variable "domain" which I check on both pages to see if the
> session information is for the right page. Although this works, I
> found that now I can only be logged in in one page at a time. I am
> assuming that sessions are shared.

Sessions are shared between all hosted sites unless you change it but it
shouldn't be an issue. Your problem is with cookies. It's pointless to
specify a *domain* in setcookie() because both sites are in the same
domain (localhost). What you need to specify is a *path*.

Same applies to session_set_cookie_params().


--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--

On Jun 24, 6:42*pm, "Álvaro G. Vicario"
<alvaroNOSPAMTHA...@demogracia.com> wrote:
> pek escribió:
>
>
>
> > OK, I've been having this problem for quite some time but never until
> > now I really needed a solution. I have never thought of a work around,
> > so I really need your help. Sorry if this has been mentioned already.
> > You can point me to the post and I'll gladly read. I googled this a
> > lot but, first, most people have tutorials for sharing sessions in
> > subdomains, and, second, I have no clue what keywords to use.
>
> > I am currently developing two web sites in my localhost. The first one
> > ishttp://localhost/pageoneand the otherhttp://localhost/pagetwo. I
> > have a login script for each. The login script can either be session
> > based (for temporary logins) or cookie based (for long term logins).
>
> > When I login in one site, I create two session variables named user
> > and key which store a user name and a random 128 characters string.
> > The key is stored in the database and changes upon each login (a
> > little security). After successfully logging in in pageone using
> > sessions, I noticed that in pagetwo I am also logged in. So I added a
> > session variable "domain" which I check on both pages to see if the
> > session information is for the right page. Although this works, I
> > found that now I can only be logged in in one page at a time. I am
> > assuming that sessions are shared.
>
> Sessions are shared between all hosted sites unless you change it but it
> shouldn't be an issue. Your problem is with cookies. It's pointless to
> specify a *domain* in setcookie() because both sites are in the same
> domain (localhost). What you need to specify is a *path*.
>
> Same applies to session_set_cookie_params().
>
> --
> --http://alvaro.es- Álvaro G. Vicario - Burgos, Spain
> -- Mi sitio sobre programación web:http://bits.demogracia.com
> -- Mi web de humor al baño María:http://www.demogracia.com
> --

Uhm, sorry, indeed, I was already using path in setting the cookie, so
logging in with cookie works correctly. My problem is with sessions.
Because I want a user to be able to login for the current browsing
session. I now have a session_name before session_start with different
name and looks like it's working. I haven't really tested it a lot.

Álvaro G. Vicario wrote:
> pek escribió:
>> OK, I've been having this problem for quite some time but never until
>> now I really needed a solution. I have never thought of a work around,
>> so I really need your help. Sorry if this has been mentioned already.
>> You can point me to the post and I'll gladly read. I googled this a
>> lot but, first, most people have tutorials for sharing sessions in
>> subdomains, and, second, I have no clue what keywords to use.
>>
>> I am currently developing two web sites in my localhost. The first one
>> is http://localhost/pageone and the other http://localhost/pagetwo. I
>> have a login script for each. The login script can either be session
>> based (for temporary logins) or cookie based (for long term logins).
>>
>> When I login in one site, I create two session variables named user
>> and key which store a user name and a random 128 characters string.
>> The key is stored in the database and changes upon each login (a
>> little security). After successfully logging in in pageone using
>> sessions, I noticed that in pagetwo I am also logged in. So I added a
>> session variable "domain" which I check on both pages to see if the
>> session information is for the right page. Although this works, I
>> found that now I can only be logged in in one page at a time. I am
>> assuming that sessions are shared.
>
> Sessions are shared between all hosted sites unless you change it but it
> shouldn't be an issue. Your problem is with cookies. It's pointless to
> specify a *domain* in setcookie() because both sites are in the same
> domain (localhost). What you need to specify is a *path*.
>
> Same applies to session_set_cookie_params().
>
>

Incorrect. Cookies, which are used to manage sessions, are domain
specific. A browser will not send a cookie to another domain,
irregardless of the host.

In this case both are on "localhost", so the domain is the same.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

pek wrote:
> OK, I've been having this problem for quite some time but never until
> now I really needed a solution. I have never thought of a work around,
> so I really need your help. Sorry if this has been mentioned already.
> You can point me to the post and I'll gladly read. I googled this a
> lot but, first, most people have tutorials for sharing sessions in
> subdomains, and, second, I have no clue what keywords to use.
>
> I am currently developing two web sites in my localhost. The first one
> is http://localhost/pageone and the other http://localhost/pagetwo. I
> have a login script for each. The login script can either be session
> based (for temporary logins) or cookie based (for long term logins).
>
> When I login in one site, I create two session variables named user
> and key which store a user name and a random 128 characters string.
> The key is stored in the database and changes upon each login (a
> little security). After successfully logging in in pageone using
> sessions, I noticed that in pagetwo I am also logged in. So I added a
> session variable "domain" which I check on both pages to see if the
> session information is for the right page. Although this works, I
> found that now I can only be logged in in one page at a time. I am
> assuming that sessions are shared.
>
> Cookies can be set using the domain to avoid this. Is there anything
> similar with sessions? Is there a work around? I'm also assuming that
> this will not be the case if I buy a hosting and create different
> domains for each web page. Is this true?
>
> Thank you in advance.
> Panagiotis.
>

Your problem is the domain is the same for both - so the browser will
send the session cookie to either one. This will not occur on a "live"
site.

I'm assuming these will be two different sites when you upload them -
i.e. www.example.org and www.example.com.

If this is the case, you have another problem - you probably won't use
www.example1.com/page1 and www.example.com/page2 when you upload them.
So, set up your web host to handle two different sites, and change your
HOSTS file to reflect the two sites. You can find more information on
how to do this in alt.apache.configuration (assuming, of course, this is
an Apache server).

Then you will be duplicating the "live" environment - and possibly find
some bugs (i.e. with file paths) that you didn't know about before.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

On Jun 24, 10:11*pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> pek wrote:
> > OK, I've been having this problem for quite some time but never until
> > now I really needed a solution. I have never thought of a work around,
> > so I really need your help. Sorry if this has been mentioned already.
> > You can point me to the post and I'll gladly read. I googled this a
> > lot but, first, most people have tutorials for sharing sessions in
> > subdomains, and, second, I have no clue what keywords to use.
>
> > I am currently developing two web sites in my localhost. The first one
> > ishttp://localhost/pageoneand the otherhttp://localhost/pagetwo. I
> > have a login script for each. The login script can either be session
> > based (for temporary logins) or cookie based (for long term logins).
>
> > When I login in one site, I create two session variables named user
> > and key which store a user name and a random 128 characters string.
> > The key is stored in the database and changes upon each login (a
> > little security). After successfully logging in in pageone using
> > sessions, I noticed that in pagetwo I am also logged in. So I added a
> > session variable "domain" which I check on both pages to see if the
> > session information is for the right page. Although this works, I
> > found that now I can only be logged in in one page at a time. I am
> > assuming that sessions are shared.
>
> > Cookies can be set using the domain to avoid this. Is there anything
> > similar with sessions? Is there a work around? I'm also assuming that
> > this will not be the case if I buy a hosting and create different
> > domains for each web page. Is this true?
>
> > Thank you in advance.
> > Panagiotis.
>
> Your problem is the domain is the same for both - so the browser will
> send the session cookie to either one. *This will not occur on a "live"
> site.
>
> I'm assuming these will be two different sites when you upload them -
> i.e.www.example.organdwww.example.com.
>
> If this is the case, you have another problem - you probably won't usewww..example1.com/page1andwww.example.com/page2when you upload them.
I didn't quite get what did you meant with "you probably won't use
www.example.com/page1 and www.example.com/page2
I will be upload the two sites in the same hosting but the domains
will be different (i.e. www.page1.com and www.page2.com)..
Currently, using session_name("page1") and session_name("page2") works
correctly. I'm not sure if this is how it should be..
> So, set up your web host to handle two different sites, and change your
> HOSTS file to reflect the two sites. *You can find more information on
> how to do this in alt.apache.configuration (assuming, of course, this is
> an Apache server).
>
> Then you will be duplicating the "live" environment - and possibly find
> some bugs (i.e. with file paths) that you didn't know about before.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

pek wrote:
> On Jun 24, 10:11 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> pek wrote:
>>> OK, I've been having this problem for quite some time but never until
>>> now I really needed a solution. I have never thought of a work around,
>>> so I really need your help. Sorry if this has been mentioned already.
>>> You can point me to the post and I'll gladly read. I googled this a
>>> lot but, first, most people have tutorials for sharing sessions in
>>> subdomains, and, second, I have no clue what keywords to use.
>>> I am currently developing two web sites in my localhost. The first one
>>> ishttp://localhost/pageoneand the otherhttp://localhost/pagetwo. I
>>> have a login script for each. The login script can either be session
>>> based (for temporary logins) or cookie based (for long term logins).
>>> When I login in one site, I create two session variables named user
>>> and key which store a user name and a random 128 characters string.
>>> The key is stored in the database and changes upon each login (a
>>> little security). After successfully logging in in pageone using
>>> sessions, I noticed that in pagetwo I am also logged in. So I added a
>>> session variable "domain" which I check on both pages to see if the
>>> session information is for the right page. Although this works, I
>>> found that now I can only be logged in in one page at a time. I am
>>> assuming that sessions are shared.
>>> Cookies can be set using the domain to avoid this. Is there anything
>>> similar with sessions? Is there a work around? I'm also assuming that
>>> this will not be the case if I buy a hosting and create different
>>> domains for each web page. Is this true?
>>> Thank you in advance.
>>> Panagiotis.
>> Your problem is the domain is the same for both - so the browser will
>> send the session cookie to either one. This will not occur on a "live"
>> site.
>>
>> I'm assuming these will be two different sites when you upload them -
>> i.e.www.example.organdwww.example.com.
>>
>> If this is the case, you have another problem - you probably won't usewww.example1.com/page1andwww.example.com/page2when you upload them.
> I didn't quite get what did you meant with "you probably won't use
> www.example.com/page1 and www.example.com/page2
> I will be upload the two sites in the same hosting but the domains
> will be different (i.e. www.page1.com and www.page2.com)..
> Currently, using session_name("page1") and session_name("page2") works
> correctly. I'm not sure if this is how it should be..

First of all, please use www.example.com, www.example.org, etc. for
examples - unless you are "The Chronicle of Higher Education", which
owns page1.com, or Stepane Pacuad, who owns page2.com. The example.xxx
domains are specifically reserved for such use.

Yes, I mean you are uploading as two separate sites. So you should have
them defined on your system as two separate sites - not two
subdirectories on your local site.

And when you duplicate the remote environment on your local system, you
won't have to (mis)use functions such as session_name().

>> So, set up your web host to handle two different sites, and change your
>> HOSTS file to reflect the two sites. You can find more information on
>> how to do this in alt.apache.configuration (assuming, of course, this is
>> an Apache server).
>>
>> Then you will be duplicating the "live" environment - and possibly find
>> some bugs (i.e. with file paths) that you didn't know about before.
>>


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Jerry Stuckle <jstucklex@attglobal.net> wrote:

>
> In this case both are on "localhost", so the domain is the same.

I've found, from JavaScript, might be the same with PHP, that using
'localhost' works on some browser and not on other, but using
'127.0.0.1' works with all browsers available on Mac OS X.

Even some browser allows cookies when using 'file:///path/to/some.html'
but not all.

Is that right ?

--
Une Bévue

These are not PHP questions, but I'll answer them. However, you need to
find a more appropriate newsgroup for your questions. This one is for
discussing how to program in PHP, not javascript or browsers.

Une Bévue wrote:
> Jerry Stuckle <jstucklex@attglobal.net> wrote:
>
>> In this case both are on "localhost", so the domain is the same.
>
> I've found, from JavaScript, might be the same with PHP, that using
> 'localhost' works on some browser and not on other, but using
> '127.0.0.1' works with all browsers available on Mac OS X.
>

This has nothing to do with either browsers or PHP - it's strictly a
TCP/IP function. Correctly set up, the system will know that
'localhost' indicates the loopback interface, 127.0.0.1.

And remember that Javascript runs on the client - so if you refer to
'localhost', you are referring to the client's system - not the server!


> Even some browser allows cookies when using 'file:///path/to/some.html'
> but not all.
>
> Is that right ?
>

file: goes directly to the file system and not through the web server.
You're not using HTTP, so cookies are not involved.



--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================