The problem:
Suppose I want a dev (for development) and a prd (for production) environment on the same server, yet in a different directory.
Assume I am using apache (in my case Uniform server) on windows (for linux the solution is similar).
Then I have c:\uniform\www as my root dir with prd and dev as subdirs.
If you have the two environments together you can have a serious, the scenario:
I login on dev and then change the url to one with prd in it. That basically means that anyone can simply get into the other enronment.
This is of course not preferred. Another issue is that you can not login to dev AND prd on the same browser (different browser tab) and work on both
together. So there is a simple solution for this. scriptcase allows its own session management via databases and so on. But that is basically more work then the
solution below.
Scriptcase uses session_start to start a php session. Standard in php the session is stored in the PHPSESSID cookie. So what if I can store the info in a cookie
that depends on the path?
Well that seems quite possible. The solution to this is in the .htaccess files.
I add to c:\uniform\www\prd the following .htaccess file:
php_value session.name “PRDSESSID”
and in c:\uniform\wwwdev the following .htaccess file:
php_value session.name “DEVSESSID”
For this to work the root path c:/uniserver/www normally contains:
<Directory “c:/UniServer/www”>
#
# Possible values for the Options directive are “None”, “All”,
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that “MultiViews” must be named explicitly — “Options All”
# doesn’t give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/trunk/mod/core.html#options
# for more information.
#
#Options Indexes FollowSymLinks
Options Indexes Includes
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
So for uniform this already works
For some others you may need to explicitly set: AllowOverride All and Require all granted
If these are missing then you need to add them.
For more details look at: http://httpd.apache.org/docs/trunk/mod/mod_authz_core.html
and http://httpd.apache.org/docs/current/mod/core.html#allowoverride
That is basically it…