如果会话名称在两个不同的网站上相同会发生什么？

Question

I have a two diff. project on my XAMPP say it is Project1 and Project2 .
When i login with Project1 , i check authentication and if it is successful then stored session. The session name is $_SESSION['username'] .
The above process is same with Project2 .

now,to prevent direct access,i use this code(in both project):

if($_SESSION['username']=="")
{
  header("location:index.php");
}

so when i login with Project1 , i am also access Project2 (without login).
To prevent this, i know that if i create diff. session name for both project then it is solved.

The above thing is in my local server. so i can create diff. session name for my all project.

But suppose my site is online and what happen if my session name is match with diff. site?
There is a millions of websites and there is a possibility that my session name is match with another website's session name.Then this might be happen that some user access my website with another website(in same browser) and he might be access my site without login.

So what happen if session is same for two diff. website? Can user is access my website without login? If yes then what should i do to prevent it?

Thanks in advance.

UPDATE

according to @Let me see 's answer there is a possibility that if two sites are running on the same server then they may share the data.
So suppose the server is sharing then what should i do to prevent it?

Answer 1

Sessions are (usually) stored using cookies, and cookies are domain-specific. So, it doesn't matter if google.com or evilhackerdomain.ru uses the same session name as your app; your cookies are only readable/usable by the domains you specify. Even in the unusual scenario that sessions are managed in some other way, it will be domain-specific.

Answer 2

So suppose the server is sharing then what should I do to prevent it?

To answer your follow up question. You can simply name your session on a specific website using session_name() before your session_start().

session_name('PROJECT1');
session_start();

this one-liner should do it.

Answer 3

Normally the sessionID of the sessions is stored in a cookie and it is related to the hostname and it can be shared by the multiple hostnames having the same domain. and as it is obvious that sessions are stored on the server .
So there is a possibility that if two sites are running on the same server then they may share the data..Therefore you should always change the path for storing the sessions on the server for every different website

Answer 4

PHP Sessions are stored in Server. So there won't be any clash between same session names when you go live. Remember, You still have option to store your session in database, which helps you with more secutiry.

Answer 5

Nothing will happen. Because the other Site uses its own database (with own session and user tables). It would only matter if two Sites share the same Database, same tables and same session handling.

Answer 6

User cannot access without log in because of following reasons,

The session data is stored on the server . If two applications are running on the same server and the same domain name, then the possibility is there for them to share session data. Otherwise no conflicts with session values, if the domains are different.

Answer 7

I think if we use a security algorithm like MD5 to encrypt the session which you'll using to login. That will work without problem. For example:

$name_session='username';
$name_session=md5(md5(md5($name_session));
$_SESSION[$name_session]="username_logged";