Helping ordinary people create extraordinary websites!

Client Clones and Server Sessions

By Tony Marston
2005-05-06

Dynamically changing the Session Name
Simply using the session_name() function to change the session name will not solve the problem. There are additional items that must be taken into consideration:

• You must convey the new session name back to the client so that it can include that new name in every GET and POST request.

• You must allocate a new session identity, otherwise the session data which is linked to the original identity will continue to be used.

• You must know when to perform the session name/session id split so that a new browser window can use separate session data from other browser windows. Sadly this process cannot be automatic, so it must be triggered manually at the client end.
I have created code which solves this problem, and I include here for your edification.

The following code is run at the start of each script so that it can extract the session name from the contents of either the GET or POST request. 

global $session_name;

if (isset($_REQUEST['session_name'])) {

    // use session name passed via $_GET or $_POST

    $session_name = $_REQUEST['session_name'];

} // if
The following code will use the existing session name (if supplied) or generate a new one. 

// get details from any previous session

if (isset($session_name)) {

    // use existing session name

} else {

    // assign new session name

    $session_name = getNewSession('menu');

} // if

session_name($session_name);

session_start();
The session_name() function will tell PHP to use this name in place of any previously supplied by any php.ini or .htaccess file.

The session_start() function will extract the session id that goes with this name and use that to retrieve previously-stored data and load it into the $_SESSION array, or it will generate a new id and start with an empty $_SESSION array.

The custom function getNewSession() is defined as follows: 

function getNewSession ($prefix='menu')

// create a new session name using $prefix + a number.

{

    // step through numbers 0-99

    for ($i = 0; $i <= 99; $i++) {

        $session_name = $prefix .$i;

        if (!array_key_exists($session_name, $_COOKIE)) {

            break;

        } // if

    } // if

    

    return $session_name;



} // getNewSession
All that is required after this point is to ensure that the new session name is built into every subsequent request from that client. This is done as follows:

• For POST requests ensure each HTML form element includes the following:

<input type="hidden" name="session_name" value="whatever" />

• For GET requests ensure each hyperlink includes the following:

<a href="http://www.whatver.com?session_name=whatever">whatever</a>



Tutorial pages:
 1 Votes

You might also want to check these out:


Leave a Comment on "Client Clones and Server Sessions"
You must be logged in to post a comment.

Link to This Tutorial Page!
GET OUR NEWSLETTERS