Well im making a community website and so far i think its okish but... i dont no much about sessions at all...

Im currently host my site on a friends server along with his test site...

I went on his test site, logged on, had a look around and then went onto my test site but it showed my username for my friends site and said i was logged in with it when i hadnt logged on my test site...

all i have when it comes to sessions on my site is session_start() and afew session vars i use for username, password and user level... is there any way i can make it so my site picks up only from my site and no elses :S im all confused please help...

btw if you want a look my site is here AphoticDreams

xx kieran xx

give your username and password sessions different names than your buddies?

yea i guess but people could still set up a lil script to show all session vars... and then they could go onto my site and then onto the script they made and see all the session vars...

i just want something more secure + i dont really wanna spend AGES looking for all the session vars in my scripts to change the names of them

xx kieran xx

so make your sessions multidemensional I.E.

Code:

$_SESSION['site1']['username'] && $_SESSION['site1']['password']
$_SESSION['site2']['username'] && $_SESSION['site2']['password']

And your correct people could knock up a lil script but it will only show their session vars and nobody elses.

use a little imagination too.

If the session is set then they must have logged in already or you would not set their vars to $result->get_row().

And remember once you quit the browser your sessions will vanish.
Also look at cookies instead to allow cross site logins.

And finaly if your not prepared to edit your existing code then you should be doing a differnet job. I know a good coder is a lazy one but that does not mean you can get away with leaving your code and hoping for the best.

If they can break it they will!

Ibbo

Also, make sure that you are setting cookies on the client machine and compare the session to cookie on every page. this should eliminate anyone trying to read from another's session.