I'm using the spotify api and for some reason their session class blocks to store own data in $_SESSION. As a workaround I wrote a class 'SystemHelper': namespace App; It is possible now to store data in $_SESSION but the problem is that as long as I'm logged in with my account (own login form, not spotfiy account), everybody else

(Spotify) how to stop cross browser session sharing?

I’m using the spotify api and for some reason their session class blocks to store own data in $_SESSION. As a workaround I wrote a class ‘SystemHelper’:

namespace App;

    class SystemHelper
    {

        /**
         * if session_id is empty string, then session_id has not been initialized
         * then set session_id named 'session1'
         * start session needs 2 parameters, name and value
         * always close session after writing
         *
         * @param   string  $name   any given name
         * @param   [type]  $value  any given value
         *
         */
        public static function customSessionStore($name, $value)
        {
    
            if (session_id() == '') {
                session_id('session1');
            }
            session_start();
            $_SESSION[$name] = $value;
            session_write_close();
        }

JavaScript
​x
 
    class SystemHelper    {​        /**         * if session_id is empty string, then session_id has not been initialized         * then set session_id named 'session1'         * start session needs 2 parameters, name and value         * always close session after writing         *         * @param   string  $name   any given name         * @param   [type]  $value  any given value         *         */        public static function customSessionStore($name, $value)        {                if (session_id() == '') {                session_id('session1');            }            session_start();            $_SESSION[$name] = $value;            session_write_close();        }​

It is possible now to store data in $_SESSION but the problem is that as long as I’m logged in with my account (own login form, not spotfiy account), everybody else is logged in, no matter which browser, ip, etc…

I don’t know how this can be solved. Shouldn’t session_id generate a random id? Anybody can help please?

Leaving out

            if (session_id() == '') {
                session_id('session1');
            }

JavaScript
 
            if (session_id() == '') {                session_id('session1');            }​

doesn’t solve it because I need to read and delete the data stored in session as well. So, additionally I have in this workaround:

    public static function customSessionRead($name)
        {

            if (session_id() == '') {
                session_id('session1');
            }
            session_start();
            session_write_close();

            return $_SESSION[$name];
        }

JavaScript
 
    public static function customSessionRead($name)        {​            if (session_id() == '') {                session_id('session1');            }            session_start();            session_write_close();​            return $_SESSION[$name];        }​

and…

    public static function customSessionDestroy()
        {
            session_start();
            session_destroy();
        }

JavaScript
 
    public static function customSessionDestroy()        {            session_start();            session_destroy();        }​

Answer

Solved, actually pretty simple. The problem first: If written like this:

    session_id('session1');

JavaScript
 
    session_id('session1');​

in both, customStore and customRead simply means resuming the session. Of course you will always get the same data, no matter which browser, ip, … that’s the point of resuming the session.

What is solved:

    session_create_id($name);

JavaScript
 
    session_create_id($name);​

So, the full again:

public static function customSessionStore($name, $value)
{
    // if (session_id() == '') {
    //     session_id('session1');
    // }
    session_create_id($name);
    session_start();
    $_SESSION[$name] = $value;
    session_write_close();
}

JavaScript
 
public static function customSessionStore($name, $value){    // if (session_id() == '') {    //     session_id('session1');    // }    session_create_id($name);    session_start();    $_SESSION[$name] = $value;    session_write_close();}​

and,

public static function customSessionRead($name)
{
    // if (session_id() == '') {
    //     session_id('session1');
    // }
    session_start();
    session_write_close();
    return $_SESSION[$name];
}

JavaScript
 
public static function customSessionRead($name){    // if (session_id() == '') {    //     session_id('session1');    // }    session_start();    session_write_close();    return $_SESSION[$name];}​

Advertisement

Answer