Welcome Guest, Not a member yet? Register   Sign In
Session mixed between 2 apps
#1

[eluser]Unknown[/eluser]
Hi to all, this is my first post. I'm working with CodeIgniter 1.7 and i have 2 applications on Apache server. One application is the copy of another but with different names and different configuration, i've copied one of the projects from the first one. I'm using PHP native session instead CI session because one day i had a problem suddenly, after the CI session had worked fine for months. But, the problem is that, i have a super class controller in core folder, this is the class:

Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
function __construct() {
  parent::__construct();
  session_start();
  $this->validarAcceso();
}


function validarAcceso() {
  
  if($this->uri->segment(2) == '' && (isset($_SESSION['4pp']) && $_SESSION['4pp'] != 'DPRSFT')) {
   session_destroy();
     $data['msgMtto'] = 'Su sesión ha expirado o no había iniciado sesión en el sistema.';
   $data['msgType'] = 'MSG';
   redirect('login/goToLogin');
  }
  
  
     if(isset($_SESSION['usuario']) && $_SESSION['usuario'] != NULL && $_SESSION['4pp'] == 'DPRSFT') {
      
      if($this->uri->segment(2) != 'bienvenido')
      if($_SESSION['menu'] != NULL && count($_SESSION['menu']) > 0) {
       //Validamos si la uri es de una opcion a la que tiene permiso
       $opcCoinci = FALSE;
       foreach($_SESSION['menu'] as $row) {
        if($opcCoinci)
       break;
      
        if(strpos(str_replace('/', '', $row['url']), $this->uri->segment(1))!== false) {
         $opcCoinci = TRUE;  
       break;
      }
      if(isset($row['hijos']))
      foreach($row['hijos'] as $rowSon) {
       if( strpos(str_replace('/', '', $rowSon['url']), $this->uri->segment(1))!== false ) {
          $opcCoinci = TRUE;  
        break;
       }
      }
     }
     if(!$opcCoinci) {
      $data['msgMtto'] = 'Su usuario no tiene permiso para acceder a esa opción del sistema.';
      $data['msgType'] = 'MSG';
      redirect('login/bienvenido');
      //$this->load->view('welcome', $data);
     }
       } else {
       $data['msgMtto'] = 'Su usuario no tiene permiso para acceder a esa opción del sistema.';
     $data['msgType'] = 'MSG';
     redirect('login/bienvenido');
     //$this->load->view('welcome', $data);
     }
     } else {
      session_destroy();
      $data['msgMtto'] = 'Su sesión ha expirado o no había iniciado sesión en el sistema.';
    $data['msgType'] = 'MSG';
    redirect('login/goToLogin');
    //$this->load->view('inicioD', $data);
     }
    }


}

As you can see in each controller request i check the URL because i save the menu options in the database so i can manage user roles and the menu options of each user role. And when an url isn't in the user role's menu options i destroy the session and redirect to login page. The problem is, when i'm using both applications and i login on both apps (app 1 and app 2), if i try to access to an unauthorized option in the app 1 or if i try to access to a menu option without being logged, the controller destroys the session but when it does that, i lose the session in the app 2 and i don't know why destroys both sessions. Any ideas? Thanks in regard.
#2

[eluser]weboap[/eluser]
i will check the domain and path of cookies in your config. as those may be overriding each other if they are the same, possibly may explain why when you delete one the other go off.




Theme © iAndrew 2016 - Forum software by © MyBB