How to prevent PHP sessions being shared between different apache vhosts / different applications

When you run multiple applications on one server, you might run into the session-sharing problem: All your applications share the same pool of PHP sessions. This is especially bad when running multiple instances of the same software, like multiple WordPress blogs etc.

Usually, when running multiple applications, you’ll do this with multiple VirtualHosts on your server (i cannot go into detail what a VirtualHost is or how to setup, as you probably already know when reading such an article). The way to go is simple: Set a different PHP session folder for every VirtualHost, like this:

php_value session.save_path "/var/mysessionsforapplication_1"

In this example I’m running two instances of the same application on one server, each one on a different port (you might want to use a domain name here).

<VirtualHost *:81>
    ...
    DocumentRoot /var/www/app1
    <Directory "/var/www/app1">
        AllowOverride All
        php_value session.save_path "/var/mysessionsforapplication_1"
   </Directory>
</VirtualHost>

<VirtualHost *:82>
    ...
    DocumentRoot /var/www/app2
    <Directory "/var/www/app2">
        AllowOverride All
        php_value session.save_path "/var/mysessionsforapplication_2"
   </Directory>
</VirtualHost>

Please note that you need to restart the apache after you’ve changed things like that. Setting up VirtualHosts is a topic on it’s own, so it’s not covered here. In most cases editing

/etc/apache2/sites-available/default

will do the job.

This article was written quite a while ago (7 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Random articles

1 Comment

Marcello Kad Cadoni

May 27, 2015 1:24 pm

Why you don’t put this parameter into the Virtualhost tag instead of directory tag?

Reply

How to prevent PHP sessions being shared between different apache vhosts / different applications

Random articles

1 Comment

Leave A Comment Cancel reply

Push database changes to all clients in real-time (!) with AngularJS and Firebase

Google rolls out Chrome 37, finally fixes horrible font-rendering

[video] Netflix JavaScript Talks about ECMAScript 7: The Evolution of JavaScript

Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)

Nice gifts for devs: Nerdy playing-cards decks

PHP 5.7 gets refactored core, is 10%-30% faster than PHP 5.5! Wow!

How to fix the ugly font rendering in Google Chrome

How to install/setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1/7.2 (and how to fix the GPG key error)

[german] Modernes Frontend-Development mit Bower, Grunt, Yeoman (45min Video, Thorsten Rinne auf der IPC2013)

What’s new in PHPStorm 9

PHP 5.6.0 RC1 is available

Tim Sweeney talks about the future of game graphics (and which hardware we need to “clone” reality)

How to get a single table out of a massive MySQL .sql database backup file (mysql dump splitter)

Useful basic linux stuff: Show kernel version, distribution name and distribution version on Ubuntu systems

Interesting: code of the same application in PHP, Python, Ruby, Closure, node.js, Java and Go

How Snapchat wants to earn money (by establishing vertical videos)

The difference between “composer install” and “composer update” – nailed on the head

How to professionally test on old Internet Explorer versions

A super-simple Vagrant LAMP stack bootstrap (installable with one command)

Sitepoint asks for your favourite PHP IDE – take part!

[Link] Making a website vertically responsive

A quick video introduction into Shadow-DOM, the game-changing DOM-subtree-technology

PHPStorm 8 has just been released

Must-read PHP blog: PHPweekly.com

How major web companies (and banks) handle passwords quite wrong