How to prevent PHP sessions being shared between different apache vhosts / different applications

When you run multiple applications on one server, you might run into the session-sharing problem: All your applications share the same pool of PHP sessions. This is especially bad when running multiple instances of the same software, like multiple WordPress blogs etc.

Usually, when running multiple applications, you’ll do this with multiple VirtualHosts on your server (i cannot go into detail what a VirtualHost is or how to setup, as you probably already know when reading such an article). The way to go is simple: Set a different PHP session folder for every VirtualHost, like this:

php_value session.save_path "/var/mysessionsforapplication_1"

In this example I’m running two instances of the same application on one server, each one on a different port (you might want to use a domain name here).

<VirtualHost *:81>
    ...
    DocumentRoot /var/www/app1
    <Directory "/var/www/app1">
        AllowOverride All
        php_value session.save_path "/var/mysessionsforapplication_1"
   </Directory>
</VirtualHost>

<VirtualHost *:82>
    ...
    DocumentRoot /var/www/app2
    <Directory "/var/www/app2">
        AllowOverride All
        php_value session.save_path "/var/mysessionsforapplication_2"
   </Directory>
</VirtualHost>

Please note that you need to restart the apache after you’ve changed things like that. Setting up VirtualHosts is a topic on it’s own, so it’s not covered here. In most cases editing

/etc/apache2/sites-available/default

will do the job.

This article was written quite a while ago (7 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Random articles

1 Comment

Marcello Kad Cadoni

May 27, 2015 1:24 pm

Why you don’t put this parameter into the Virtualhost tag instead of directory tag?

Reply

How to prevent PHP sessions being shared between different apache vhosts / different applications

Random articles

1 Comment

Leave A Comment Cancel reply

Push database changes to all clients in real-time (!) with AngularJS and Firebase

[FREE SERVER PROMO] Install GHOST for free on a free SSD server with this coupon

JavaScript Testing Tactics (21min video by Justin Searls)

Must-read PHP blog: PHPweekly.com

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

Disappointed by Watch Dogs’s graphics ? See how it looks with unlocked, hidden settings. Awesome!

O’Reilly’s Programming JavaScript Applications by Eric Elliott for free (Early Access release)

Slides & talks from PHP UK Conference 2014

How to setup and use XDEBUG with PHPStorm 6/7 (locally in Windows 7/8 and Mac OS X)

DEF CON 18 – When your computer got stolen and you can still SSH into it: “Pwned by the 0wner” (22min conference talk)

How to debug code on a remote server (or in vagrant box) with PHPStorm

A collection of beautiful ajax loaders / spinners in pure .svg / CSS

Adobe releases Firebug-like developer tools to edit and extract PSDs

ilovepreloaders – A tumblr collection of preloader animations

The New Era of JavaScript (28min conference talk, Jack Franklin, 2013)

O’Reilly’s Programming JavaScript Applications by Eric Elliott for free (Early Access release)

Get visitor stats for your GitHub repo with BitDeli

How major web companies (and banks) handle passwords quite wrong

A super-simple pre-configured Vagrant box with HipHop, Hack and Hack code examples

SensioLabs, creator of Symfony and Silex PHP frameworks, gets $7 million capital

Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)

How to setup a config-free WordPress, PHP and MySQL (for local development) in Windows 7 / 8 in under 3 minutes

Which server OS version to choose ? Some EOL lists of Debian, Ubuntu and CentOS