How to restrict a session to a directory only in PHP?
Question by think123
I have an admin system and a user system on my website. Some data on the user system will not change, but the admin data will change instead. So I was wondering if there was a way to restrict the admin session (when they login) only to the admin directory (/admin), so that it does not interfere with the rest of my website?
Thanks,
Lucas
Answer by Michael Berkowski
There are many ways to handle something like this. Probably the easiest is to check the permissions and $_SERVER['REQUEST_URI'], and if the user isn’t in the admin/ area, redirect into it.
// Assuming you've saved an admin flag in session
// and the user request URI doesn't contain admin/
if ($_SESSION['admin'] === TRUE && !preg_match('/admin//' $_SERVER['REQUEST_URI'])) {
// redirect into the admin/ area
header("Location: http://example.com/admin");
exit();
}
Update:
By popular request, here’s the reverse to enforce an admin login in the admin/ directory
if ((!isset($_SESSION['admin'] || $_SESSION['admin'] === FALSE) && preg_match('/admin//' $_SERVER['REQUEST_URI'])) {
// redirect out of the admin/ area
header("Location: http://example.com/");
exit();
}
Actually, assuming the admin pages are separate scripts, you don’t really need the preg_match() in this part. But if you have an MVC pattern where the admin script may not actually be served from a file in the admin directory, use the regex match.
Answer by Starx
It is not a solution, but it is a workaround. You can use same session for this too. Just create the session identifier for each path at the path name as
$_SESSION['path/to/admin']['var1'] = 'value1';
$_SESSION['path/to/admin']['var2'] = 'value2';
Such way, you can retrieve the value of path independent session variables.
