如果会话名称在两个不同的网站上相同会发生什么? [英] What happens if session name is same on two different websites?

问题描述

我有两个差异.我的 XAMPP 上的项目说它是 Project1 和 Project2.
当我使用 Project1 登录时，我会检查身份验证，如果成功则存储会话.会话名称为 $_SESSION['username'].
上述过程与Project2相同.

I have a two diff. project on my XAMPP say it is Project1 and Project2.
When i login with Project1, i check authentication and if it is successful then stored session. The session name is $_SESSION['username'].
The above process is same with Project2.

现在，为了防止直接访问，我使用此代码(在两个项目中):

now,to prevent direct access,i use this code(in both project):

if($_SESSION['username']=="")
{
  header("location:index.php");
}

因此，当我使用 Project1 登录时，我也可以访问 Project2(无需登录).
为了防止这种情况，我知道如果我创建差异.两个项目的会话名称然后它就解决了.

so when i login with Project1, i am also access Project2(without login).
To prevent this, i know that if i create diff. session name for both project then it is solved.

上面的东西在我的本地服务器上.所以我可以创建差异.我所有项目的会话名称.

The above thing is in my local server. so i can create diff. session name for my all project.

但假设我的网站在线，如果我的会话名称与 diff 匹配会发生什么.网站?
有数百万个网站，我的会话名称可能与另一个网站的会话名称匹配.然后可能会发生这种情况，即某些用户使用另一个网站(在同一浏览器中)访问我的网站，而他可能会在没有访问我的网站的情况下访问我的网站登录.

But suppose my site is online and what happen if my session name is match with diff. site?
There is a millions of websites and there is a possibility that my session name is match with another website's session name.Then this might be happen that some user access my website with another website(in same browser) and he might be access my site without login.

那么如果两个差异的会话相同会发生什么.网站?用户可以在不登录的情况下访问我的网站吗?如果是，那么我应该怎么做才能防止它?

So what happen if session is same for two diff. website? Can user is access my website without login? If yes then what should i do to prevent it?

提前致谢.

更新

根据 @Let me see 的回答，如果两个站点在同一台服务器上运行，则它们可能会共享数据.
那么假设服务器正在共享，那么我应该怎么做才能防止它?

according to @Let me see's answer there is a possibility that if two sites are running on the same server then they may share the data.
So suppose the server is sharing then what should i do to prevent it?

推荐答案

会话(通常)使用 cookie 存储，而 cookie 是特定于域的.因此，google.com 或 evilhackerdomain.ru 是否使用与您的应用程序相同的会话名称并不重要；您的 cookie 只能由您指定的域读取/使用.即使在以其他方式管理会话的异常情况下，它也将是特定于域的.

Sessions are (usually) stored using cookies, and cookies are domain-specific. So, it doesn't matter if google.com or evilhackerdomain.ru uses the same session name as your app; your cookies are only readable/usable by the domains you specify. Even in the unusual scenario that sessions are managed in some other way, it will be domain-specific.

这篇关于如果会话名称在两个不同的网站上相同会发生什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！