On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote: > On Wed, Jul 22, 2009 at 3:24 AM, L.Guruprasad <lgp171...@gmail.com> wrote: > > > Hi, > > Floyd Resler wrote: > > > >> Keep in mind that sessions are based on the domain. I've run into > >> situations where someone will be working in several different sites that we > >> host. Each site is accessed via http://domain/site. Each site has it's > >> own database, users, etc. However, because they all hang off the same > >> domain, they get one session. That can really mess things up for the users > >> as they go from site to site. I got around this by using MySQL-based > >> sessions. It keeps things nice and separated. > >> > >> Take care, > >> Floyd > >> > > > > Will this be causing issues when http://1.a.b and http://2.a.b are the two > > PHP sites running on the same web server using virtualhosts? > > > As Floyd suggested keeping your sessions in the DB will give you better > session management and security as well.
Why would putting the session data in a database offer more security? I'm not meaning to try and poke holes in your idea, I genuinely don't know the answer! Thanks Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
