I have two applications, one is the front end application, another is the backend one.

Each application has its own copy of an identical user database. When a user logs into the front end application, I will also simultaneously log into the backend application using the web services provided by the backend application.

The question now is: is it possible for me to destroy the backend session from the front end application? The backend uses the $_SESSION superglobal array to store all the session information. If yes, how?

A: 

You'll need to delete the session record from the database or the file (depending on your system's configuration).

The system likely defaults to using a file-based session, and you can determine the directory using session_save_path. It's almost certainly much easier to use sessions stored in a database instead of on the file system.

acrosman
A: 

If you can use the web service exposed by the back-end application for logging a user IN, why can't you use it to log the user OUT, as well? That way one app doesn't have to know how the other implements sessions (or have privileges to muck around in there).

If this isn't possible, you'll have to do as acrosman suggests, and dig into the session files or database.

grossvogel
As weird as it seems, the web service only covers login, but not logout. Actually the backend was not written by me (it was written by someone else and I better not touch it), so I have no choice here.
Ngu Soon Hui
A: 

How are you relating the front-end sessions to back-end sessions? If you keep a mapping of the session name (unique value used as session ID) of the front-end and back-end sessions, then you can easily find the back-end session (it can be saved in files, or in a database) and then delete the session record. Use this line to find out what handler is being used to store session files:

$handler = ini_get('session.save_handler');

You can use this line to find out where session files are stored:

$path = ini_get('session.save_path');

Then you can delete the session file, or database record.

You can also create a web service method to destroy back-end sessions, and then call it from the front end.

farzad
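The file-deletion route described in the answer above, as an added example that is not part of the original thread. `destroy_backend_session()` is a hypothetical helper; it assumes the calling process runs on the backend's host with the same session ini settings, has write access to the session directory, and that the backend uses the `files` handler. The session ID and directory in the demo are constructed.

```php
<?php
declare(strict_types=1);
// Hypothetical helper (not from the thread): delete one file-based session by ID.
// Assumes this process runs on the backend's host with the same session ini
// settings and write access to the session directory.
function destroy_backend_session(string $sessionId, ?string $savePath = null): bool
{
    // Accept only the characters PHP's files handler allows in an ID, so a
    // tampered mapping entry such as "../../x" can never escape the directory.
    if (preg_match('/^[A-Za-z0-9,-]{1,256}$/', $sessionId) !== 1) {
        throw new InvalidArgumentException('Malformed session ID');
    }
    if ($savePath === null) {
        if (ini_get('session.save_handler') !== 'files') {
            throw new RuntimeException('Session store is not file-based');
        }
        $savePath = (string) ini_get('session.save_path');
    }
    // save_path may be "N;/path" or "N;MODE;/path": N nested subdirectories,
    // one per leading character of the session ID.
    $parts = explode(';', $savePath);
    $dir   = (string) array_pop($parts);
    $depth = $parts ? (int) $parts[0] : 0;
    if ($dir === '') {
        $dir = sys_get_temp_dir(); // fallback when save_path is empty
    }
    $dir = rtrim($dir, '/\\');
    for ($i = 0; $i < $depth && $i < strlen($sessionId); $i++) {
        $dir .= DIRECTORY_SEPARATOR . $sessionId[$i];
    }
    $file = $dir . DIRECTORY_SEPARATOR . 'sess_' . $sessionId;
    if (!is_file($file)) {
        return false; // already expired, garbage-collected, or never existed
    }
    return unlink($file);
}

// Constructed demo: fake a backend session file in a scratch directory.
$demoDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_sess_' . getmypid();
mkdir($demoDir, 0700);
$demoId = 'q1w2e3r4t5y6u7i8o9p0a1s2d3'; // constructed ID
file_put_contents($demoDir . DIRECTORY_SEPARATOR . 'sess_' . $demoId, 'user|s:5:"alice";');
var_dump(destroy_backend_session($demoId, $demoDir));
try {
    destroy_backend_session('../../etc/passwd', $demoDir);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
rmdir($demoDir);
```

Validating the ID before building the path matters because the ID comes from a stored front-end/back-end mapping; anything that can write to that mapping could otherwise point the delete at an arbitrary file.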
A: 

If the two applications are in different subdomains of the same domain, you could save a cookie instructing the admin application that the user is logged out. Then have the admin application itself remove the session and the "logged out" cookie.

SorinV
+1  A: 

Yes it is.

I assume that you are using the same session ID name for both front and back. I think the default is PHP_SESSID. If this is the case, then all the session details will be stored in the one location.

I am also assuming that the domain of the front and back end is the same. If it is different, then it won't work, as web browsers will not share session information between different domains.

If you use different session ID names for front and back end, then you will have to get tricky. (The session ID for both will be in the request data; you will just have to load up both sessions and destroy them both.)

Use:

session_destroy();
Bingy