What happens if session name is same on two different websites?

后端 未结 7 1045
渐次进展
渐次进展 2021-01-13 07:23

I have a two diff. project on my XAMPP say it is Project1 and Project2.
When i login with Project1, i check authentic

相关标签:
7条回答
  • 2021-01-13 08:00

    Nothing will happen. Because the other Site uses its own database (with own session and user tables). It would only matter if two Sites share the same Database, same tables and same session handling.

    0 讨论(0)
  • 2021-01-13 08:03

    User cannot access without log in because of following reasons,

    The session data is stored on the server. If two applications are running on the same server and the same domain name, then the possibility is there for them to share session data. Otherwise no conflicts with session values, if the domains are different.

    0 讨论(0)
  • 2021-01-13 08:15

    Sessions are (usually) stored using cookies, and cookies are domain-specific. So, it doesn't matter if google.com or evilhackerdomain.ru uses the same session name as your app; your cookies are only readable/usable by the domains you specify. Even in the unusual scenario that sessions are managed in some other way, it will be domain-specific.

    0 讨论(0)
  • 2021-01-13 08:15

    PHP Sessions are stored in Server. So there won't be any clash between same session names when you go live. Remember, You still have option to store your session in database, which helps you with more secutiry.

    0 讨论(0)
  • 2021-01-13 08:21

    Normally the sessionID of the sessions is stored in a cookie and it is related to the hostname and it can be shared by the multiple hostnames having the same domain. and as it is obvious that sessions are stored on the server .
    So there is a possibility that if two sites are running on the same server then they may share the data..Therefore you should always change the path for storing the sessions on the server for every different website

    0 讨论(0)
  • 2021-01-13 08:22

    I think if we use a security algorithm like MD5 to encrypt the session which you'll using to login. That will work without problem. For example:

    $name_session='username';
    $name_session=md5(md5(md5($name_session));
    $_SESSION[$name_session]="username_logged";
    
    0 讨论(0)
提交回复
热议问题