PEAR auth package - how does setSessionname work?

PEAR auth package - how does setSessionname work?

am 12.08.2007 18:05:50 von kevin bailey

I have used the PEAR Auth package to successfully set up authentication.



// Details of where the authentication details are stored.
$options = array(
'dsn' => "pgsql://graphicomm2:pw@localhost/graphicomm2",
'table' => "v_active_users",
'usernamecol' => "f_email",
'passwordcol' => "f_password",
);
$a = new Auth("MDB2", $options, "loginFunction");
$a->setSessionname("GCERP");
$a->start();


However, this does not seem to change the session name in the browser when I
check the cookies.

But -but - but - it does work in the sense that I can log in to two
different php applications from different tabs on the same browser and the
authentication is separate. I.e. if I am logged into one app it does not
mean that I am allowed to access the second app.

The problem I have is that $_SESSION variables seem to be cross
application!?! I.e. if I use a $_SESSION variable it can be accessed from
either application.

Now I know I can uniquely name the $_SESSION variables which will probably
be the interim solution but I would have thought that there would be a way
of limiting $_SESSION variables to that particular session as set by the
setSessionname.

Any thoughts - thanks,

Kevin

Re: PEAR auth package - how does setSessionname work?

am 17.08.2007 03:44:00 von petersprc

You can use $_SESSION['app1']['x'] = 'y' and $_SESSION['app2']['a'] =
'b'.

This is how Auth does it internally. setSessionName tells the Auth
package to use values in $_SESSION['_auth_sessionName'] where
sessionName is the given name.

On Aug 12, 12:05 pm, kevin bailey wrote:
> I have used the PEAR Auth package to successfully set up authentication.
>
>
> // Details of where the authentication details are stored.
> $options = array(
> 'dsn' => "pgsql://graphicomm2:pw@localhost/graphicomm2",
> 'table' => "v_active_users",
> 'usernamecol' => "f_email",
> 'passwordcol' => "f_password",
> );
> $a = new Auth("MDB2", $options, "loginFunction");
> $a->setSessionname("GCERP");
> $a->start();
>
>
> However, this does not seem to change the session name in the browser when I
> check the cookies.
>
> But -but - but - it does work in the sense that I can log in to two
> different php applications from different tabs on the same browser and the
> authentication is separate. I.e. if I am logged into one app it does not
> mean that I am allowed to access the second app.
>
> The problem I have is that $_SESSION variables seem to be cross
> application!?! I.e. if I use a $_SESSION variable it can be accessed from
> either application.
>
> Now I know I can uniquely name the $_SESSION variables which will probably
> be the interim solution but I would have thought that there would be a way
> of limiting $_SESSION variables to that particular session as set by the
> setSessionname.
>
> Any thoughts - thanks,
>
> Kevin