Client Clones and Server Sessions

By Tony Marston
2005-05-06


Dynamically changing the Session Name
Simply using the session_name() function to change the session name will not solve the problem. There are additional items that must be taken into consideration:

• You must convey the new session name back to the client so that it can include that new name in every GET and POST request.

• You must allocate a new session identity, otherwise the session data which is linked to the original identity will continue to be used.

• You must know when to perform the session name/session id split so that a new browser window can use separate session data from other browser windows. Sadly this process cannot be automatic, so it must be triggered manually at the client end.
I have created code which solves this problem, and I include here for your edification.

The following code is run at the start of each script so that it can extract the session name from the contents of either the GET or POST request.

global $session_name;

if (isset($_REQUEST['session_name'])) {

    // use session name passed via $_GET or $_POST

    $session_name = $_REQUEST['session_name'];

} // if

The following code will use the existing session name (if supplied) or generate a new one.

// get details from any previous session

if (isset($session_name)) {

    // use existing session name

} else {

    // assign new session name

    $session_name = getNewSession('menu');

} // if

session_name($session_name);

session_start();

The session_name() function will tell PHP to use this name in place of any previously supplied by any php.ini or .htaccess file.

The session_start() function will extract the session id that goes with this name and use that to retrieve previously-stored data and load it into the $_SESSION array, or it will generate a new id and start with an empty $_SESSION array.

The custom function getNewSession() is defined as follows:

function getNewSession ($prefix='menu')

// create a new session name using $prefix + a number.

{

    // step through numbers 0-99

    for ($i = 0; $i <= 99; $i++) {

        $session_name = $prefix .$i;

        if (!array_key_exists($session_name, $_COOKIE)) {

            break;

        } // if

    } // if

    

    return $session_name;



} // getNewSession

All that is required after this point is to ensure that the new session name is built into every subsequent request from that client. This is done as follows:

• For POST requests ensure each HTML form element includes the following:

<input type="hidden" name="session_name" value="whatever" />

• For GET requests ensure each hyperlink includes the following:

<a href="http://www.whatver.com?session_name=whatever">whatever</a>

Tutorial Pages:
» Introduction
» Session Identities
» Session Names and Session Cookies
» Dynamically changing the Session Name
» Starting a new session

Related Tutorials: » Zend Framework Tutorial » Port Scanning and Service Status Checking in PHP » Web Database Access from Desktop Applications » CubeCart 3.0 Installation and Configuration » PHP Site Search Made Easy » Installing and Configuring Drupal 6.1

Tutorials AJAX ASP CGI & Perl CSS Flash HTML Illustrator Java JavaScript Linux MySQL PHP Photoshop Python Wireless XML Miscellaneous Scripts AJAX ASP ASP.NET CGI & Perl Flash Java JavaScript PHP Python Remotely Hosted Tools & Utilities XML Web Hosting Articles ASP.NET Budget Dedicated Servers Ecommerce Linux Resellers Shared Small Business Windows Developer Manuals Learn HTML Learn PHP Learn CSS Learn AJAX Learn JavaScript Learn Pear White Papers Resources Developer Tools Developer Content