PHP How can I create multiple sessions?

I want to be able to switch back and forth between sessions in php. Here is my current code:

<?php

session_name("session1");
session_start();
$_SESSION["name"] = "1";
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

session_name("session2");
session_start();
$_SESSION["name"] = "2";
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

session_name("session1");
session_start();
echo "<pre>", print_r($_SESSION, 1), "</pre>";

I want it to output

Array
(
    [name] => 1
)
Array
(
    [name] => 2
)
Array
(
    [name] => 1
)

but it is outputting

Array
(
    [name] => 1
)
Array
(
    [name] => 2
)
Array
(
    [name] => 2
)

Is it possible to switch between sessions like that? I don't need two sessions running at the same time, but I do need to be able to switch between them. When I run this code, I get two cookies: session1 and session2 with the same value.

Thanks for any help!

Fungicide answered 25/7, 2014 at 21:22 Comment(12)
Might help: #7551904 - Ybarra
Thanks, I already saw that. That is exactly what I need, but for some reason it is not working. - Fungicide
Your title says it's "not working" when in fact it's not doing what you think it should do. Why not ask the appropriate question, How can I do x? This is what I've tried. - Ybarra
Using one session_start(); only. - Yuu
@Fred-ii- you mean leaving out session_write_close and only one session_start? - Fungicide
Use one of each only. - Yuu
If you wish to switch, then use just that; switch() along with conditional statements. php.net/manual/en/control-structures.switch.php - Yuu
@Fred-ii- It doesn't work, but I probably did something wrong. So far I have one session_start in the first chunk along with a session_write_close, and a session_name in the second chunk, as well as the third. For your second comment, could you please elaborate a little more? - Fungicide
Here's an answer on a similar (same?) question: https://mcmap.net/q/540776/-can-you-switch-php-sessions-in-a-session (or this answer) You might read through the whole question/answers/comments, especially the security ramifications. - Ybarra
@Nathan, It doesn't work because you have no if-statements. Otherwise, if you've tried with control logic, update the code in the question I guess. - Happ
Just as explained by developerwjk and in my comment. Plus, switch() allows you more control along with conditional statements. - Yuu
@Happ Please elaborate. How will if statements help this? I am a php programmer but have never attempted to change sessions before. Thanks for all your help! - Fungicide

What you need to use is session_id() instead of session_name()

<?php

session_id("session1");
session_start();
echo session_id();
$_SESSION["name"] = "1";
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

session_id("session2");
echo session_id();
session_start();
$_SESSION["name"] = "2";
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

session_id("session1");
echo session_id();
session_start();
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

session_id("session2");
echo session_id();
session_start();
echo "<pre>", print_r($_SESSION, 1), "</pre>";

This will print:

session1

Array
(
    [name] => 1
)

session2

Array
(
    [name] => 2
)

session1

Array
(
    [name] => 1
)

session2

Array
(
    [name] => 2
)

session_id is an identifier for a session, which helps in distinguishing sessions. session_name is only a named alias for the current session.

Enneahedron answered 25/7, 2014 at 21:55 Comment(4)
If you use this technique, different users with the same session ID will share their session variables. Session IDs are supposed to be unique and hard to guess. - Swec
The idea is that different users should not be provided the same session ID. Naturally it will not be a simple string like session1, session2; instead it would be a UUID unique to that user or session. - Enneahedron
This solution implies huge security risks unless well implemented. - Badenpowell
This works for me, as mentioned in the reply, you need to keep a unique and secure session id. - Connubial

As the comments to the existing answer indicate, the offered solution might not be ideal and I would like to provide some alternative. Let it be a function named sane_session_name(), which looks like this:

function sane_session_name($name)
{
    session_name($name);
    if(!isset($_COOKIE[$name]))
    {
        $_COOKIE[$name] = session_create_id();
    }
    session_id($_COOKIE[$name]);
}

By using the "sane" substitution for session_name() in the OP's original code, we get this:

<?php
sane_session_name("session1");
session_start();
$_SESSION["name"] = "1";
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

sane_session_name("session2");
session_start();
$_SESSION["name"] = "2";
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

sane_session_name("session1");
session_start();
echo "<pre>", print_r($_SESSION, 1), "</pre>";

and it will yield the desired output:

Array
(
    [name] => 1
)

Array
(
    [name] => 2
)

Array
(
    [name] => 1
)

What is different?

To point out the difference between this answer and raidenace's answer:

  • In raidenace's answer, two sessions are created for all clients, shared among all visitors of the website.
  • With this answer, two sessions are created for each visitor to the website. Consequently, this allows different content to be stored in the $_SESSION superglobal for visitors Alice and Bob, while in the other, two website visitors Alice and Bob would "share the data", and rather pointlessly a cookie named PHPSESSID with the value session2 is set each time and sent back and forth.

Security

To protect those "multiple (per user) sessions" from session fixation and session hijacking, we can further use this little function:

function sane_session_start($name)
{
    ini_set("session.use_strict_mode",true);
    ini_set("session.cookie_httponly",true);
    session_name($name);
    if(!isset($_COOKIE[$name]))
    {
        $_COOKIE[$name] = session_create_id();
    }
    session_id($_COOKIE[$name]);
    session_start();
    session_regenerate_id(true);
    $_COOKIE[$name] = session_id();
}

and have the OP's code look like this:

<?php
sane_session_start("session1");
$_SESSION["name"] = "1";
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

sane_session_start("session2");
$_SESSION["name"] = "2";
echo "<pre>", print_r($_SESSION, 1), "</pre>";
session_write_close();

sane_session_start("session1");
echo "<pre>", print_r($_SESSION, 1), "</pre>";
Discharge answered 15/4, 2018 at 17:30 Comment(1)
Simply awesome. - Fotinas
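
A hardened variant of the per-name session switching discussed in the answers above, as an added example that is not code from any of the posters. The names switch_named_session and NAMED_SESSIONS are hypothetical, and the cookie settings assume the site is served over HTTPS on PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: session names are fixed by the application,
// never taken from request input.
const NAMED_SESSIONS = ['session1', 'session2'];

function switch_named_session(string $name, bool $regenerate = false): void
{
    if (!in_array($name, NAMED_SESSIONS, true)) {
        throw new InvalidArgumentException("unknown session name: $name");
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_write_close();          // flush and unlock the previous session
    }
    session_name($name);

    // PHP keeps the previous session's ID in memory after session_write_close(),
    // so the ID for this name has to be set explicitly. Accept the cookie value
    // only if it has the shape of a PHP-generated ID.
    $id = $_COOKIE[$name] ?? '';
    if (!is_string($id) || !preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)) {
        $id = (string) session_create_id();
    }
    session_id($id);

    session_start([
        'use_strict_mode'  => 1,     // IDs unknown to the save handler are replaced
        'use_only_cookies' => 1,
        'cookie_httponly'  => 1,
        'cookie_secure'    => 1,     // assumes HTTPS
        'cookie_samesite'  => 'Lax', // PHP 7.3+
    ]);
    if ($regenerate) {
        session_regenerate_id(true);    // call after login or a privilege change
    }
    // Set-Cookie does not update $_COOKIE, so record the ID for later switches
    // within this request.
    $_COOKIE[$name] = session_id();
}

// Constructed usage: collect the output and emit it after the last switch,
// because session_start() has to send its cookie header before any body output.
$out = [];
switch_named_session('session1'); $_SESSION['name'] = '1'; $out[] = $_SESSION;
switch_named_session('session2'); $_SESSION['name'] = '2'; $out[] = $_SESSION;
switch_named_session('session1');                           $out[] = $_SESSION;
session_write_close();
echo '<pre>', htmlspecialchars(print_r($out, true)), '</pre>';
```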