keeping session data across two domains

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • laredotornado@zipmail.com
    #1

    keeping session data across two domains

    Hi,

    I'm using PHP 4.4.4. I have two domains -- www.mydomain1.com and
    www.mydomain2.com. Both point to the same IP address. I have two
    pages on that IP -- first.php

    <?php
    session_start() ;
    $_SESSION['test'] = "hello";
    ?>

    and second.php

    <?php
    session_start() ;
    print $_SESSION['test'];
    ?>

    What I would like is when I first visit http://www.mydomain1.com/first.php
    and then visit http://www.mydomain2.com/second.php to have the word
    "hello" printed. Does anyone know how to adjust the above scripts or
    my environment to make this possible?

    Thanks, - Dave

    Tags: None
    • C.
      #2
      Re: keeping session data across two domains

      On 24 Sep, 20:58, "laredotorn...@ zipmail.com"
      <laredotorn...@ zipmail.comwrot e:
      Hi,
      >
      I'm using PHP 4.4.4. I have two domains --www.mydomain1.c omandwww.mydoma in2.com. Both point to the same IP address. I have two
      pages on that IP -- first.php
      >
      <?php
      session_start() ;
      $_SESSION['test'] = "hello";
      ?>
      >
      and second.php
      >
      <?php
      session_start() ;
      print $_SESSION['test'];
      ?>
      >
      What I would like is when I first visithttp://www.mydomain1.c om/first.php
      and then visithttp://www.mydomain2.c om/second.phpto have the word
      "hello" printed. Does anyone know how to adjust the above scripts or
      my environment to make this possible?
      >
      Thanks, - Dave
      I'll assume you're using cookies for sessions. In which case the
      question is how you get a cookie from one site set when you are
      accessing another.

      The solution is to suck in pages from both mydomain1 and mydomain2 at
      the point where the session is established. This could be done with
      frames or by redirection. Life's probably a lot simpler if you pass
      across the generated session id from one to the other, but you need to
      be wary of session fixation. Otherwise you'll probably need to write
      your own session handler to maintain 2 sessions alive and in sync.

      HTH

      C.

        Comment

        • laredotornado@zipmail.com
          #3
          Re: keeping session data across two domains

          On Sep 24, 3:51 pm, "C." <colin.mckin... @gmail.comwrote :
          On 24 Sep, 20:58, "laredotorn...@ zipmail.com"
          >
          >
          >
          >
          >
          <laredotorn...@ zipmail.comwrot e:
          Hi,
          >
          I'm using PHP 4.4.4. I have two domains --www.mydomain1.c omandwww.mydoma in2.com. Both point to the same IP address. I have two
          pages on that IP -- first.php
          >
          <?php
          session_start() ;
          $_SESSION['test'] = "hello";
          ?>
          >
          and second.php
          >
          <?php
          session_start() ;
          print $_SESSION['test'];
          ?>
          >
          What I would like is when I first visithttp://www.mydomain1.c om/first.php
          and then visithttp://www.mydomain2.c om/second.phptohav e the word
          "hello" printed. Does anyone know how to adjust the above scripts or
          my environment to make this possible?
          >
          Thanks, - Dave
          >
          I'll assume you're using cookies for sessions. In which case the
          question is how you get a cookie from one site set when you are
          accessing another.
          >
          The solution is to suck in pages from both mydomain1 and mydomain2 at
          the point where the session is established. This could be done with
          frames or by redirection. Life's probably a lot simpler if you pass
          across the generated session id from one to the other, but you need to
          be wary of session fixation. Otherwise you'll probably need to write
          your own session handler to maintain 2 sessions alive and in sync.
          >
          HTH
          >
          C.- Hide quoted text -
          >
          - Show quoted text -
          Thanks for your response, C. Regarding
          Life's probably a lot simpler if you pass
          across the generated session id from one to the other
          hate to be dense, but how do you do that? - Dave

            Comment

            • C.
              #4
              Re: keeping session data across two domains

              On 24 Sep, 21:59, "laredotorn...@ zipmail.com"
              <laredotorn...@ zipmail.comwrot e:
              On Sep 24, 3:51 pm, "C." <colin.mckin... @gmail.comwrote :
              >
              >
              >
              On 24 Sep, 20:58, "laredotorn...@ zipmail.com"
              >
              <laredotorn...@ zipmail.comwrot e:
              Hi,
              >
              I'm using PHP 4.4.4. I have two domains --www.mydomain1.c omandwww.mydoma in2.com. Both point to the same IP address. I have two
              pages on that IP -- first.php
              >
              The solution is to suck in pages from both mydomain1 and mydomain2 at
              the point where the session is established. This could be done with
              frames or by redirection. Life's probably a lot simpler if you pass
              across the generated session id from one to the other, but you need to
              be wary of session fixation. Otherwise you'll probably need to write
              your own session handler to maintain 2 sessions alive and in sync.
              >
              HTH
              >
              C.- Hide quoted text -
              >
              - Show quoted text -
              >
              Thanks for your response, C. Regarding
              >
              Life's probably a lot simpler if you pass
              across the generated session id from one to the other
              >
              hate to be dense, but how do you do that? - Dave
              When you start the session on, say domain1, include an iframe with a
              hidden div, and pass the sessionid to a page in domain2 which sets a
              session cookie:

              e.g. www.domain1.com/logged_in.php...

              <?php
              if (session_id()== '') {
              create_new_sess ion=true;
              }
              session_start() ;

              // .... start doing the page header and body...

              // ... at the very end of the page, before the </bodytag....

              if (create_new_ses sion) {
              session_commit( );
              $url="www.domai n2.com/sync_session.ph p?usesess=";
              $url.=base64enc ode(encrypt(ses sion_id() . '/' . time(),
              's3cr3t'));
              // I've not spelled out how to use mcrypt
              print "<iframe src=\"$url\" style=\"width:1 0px;height:5px\ "></
              iframe>\n";
              // nor added the css to make it invisible
              }
              ?>

              .....and www.domain2.com/sync_session.php:

              <?php

              $request_sessio n=decrypt(base6 4decode($_GET['usesess']), 's3cr3t');
              list($use_id,$r equested)=explo de('/',$request_sess ion);

              if ($requested<tim e()+10) {
              // allow a 10 second window to reduce probability of replay attacks
              // although a more complete solution would be to set a session
              variable in domain1 as a visa and
              // reset it here.
              set_cookie(sess ion_name(), $use_id);
              print "OK, using same session id";
              } else {
              print "Invalid sync request";
              }

              ?>

              ....or something like that. Not tested - YMMV.

              C.

                Comment

                Previous template Next
                Working...