How to prevent PHP sessions being shared between different apache vhosts / different applications

When you run multiple applications on one server, you might run into the session-sharing problem: All your applications share the same pool of PHP sessions. This is especially bad when running multiple instances of the same software, like multiple WordPress blogs etc.

Usually, when running multiple applications, you’ll do this with multiple VirtualHosts on your server (i cannot go into detail what a VirtualHost is or how to setup, as you probably already know when reading such an article). The way to go is simple: Set a different PHP session folder for every VirtualHost, like this:

php_value session.save_path "/var/mysessionsforapplication_1"

In this example I’m running two instances of the same application on one server, each one on a different port (you might want to use a domain name here).

<VirtualHost *:81>
    ...
    DocumentRoot /var/www/app1
    <Directory "/var/www/app1">
        AllowOverride All
        php_value session.save_path "/var/mysessionsforapplication_1"
   </Directory>
</VirtualHost>

<VirtualHost *:82>
    ...
    DocumentRoot /var/www/app2
    <Directory "/var/www/app2">
        AllowOverride All
        php_value session.save_path "/var/mysessionsforapplication_2"
   </Directory>
</VirtualHost>

Please note that you need to restart the apache after you’ve changed things like that. Setting up VirtualHosts is a topic on it’s own, so it’s not covered here. In most cases editing

/etc/apache2/sites-available/default

will do the job.