keeping session data across two domains

keeping session data across two domains

am 24.09.2007 21:58:14 von laredotornado

Hi,

I'm using PHP 4.4.4. I have two domains -- www.mydomain1.com and
www.mydomain2.com. Both point to the same IP address. I have two
pages on that IP -- first.php

session_start();
$_SESSION['test'] = "hello";
?>

and second.php

session_start();
print $_SESSION['test'];
?>

What I would like is when I first visit http://www.mydomain1.com/first.php
and then visit http://www.mydomain2.com/second.php to have the word
"hello" printed. Does anyone know how to adjust the above scripts or
my environment to make this possible?

Thanks, - Dave

Re: keeping session data across two domains

am 24.09.2007 22:51:16 von colin.mckinnon

On 24 Sep, 20:58, "laredotorn...@zipmail.com"
wrote:
> Hi,
>
> I'm using PHP 4.4.4. I have two domains --www.mydomain1.comandwww.mydomain2.com. Both point to the same IP address. I have two
> pages on that IP -- first.php
>
> > session_start();
> $_SESSION['test'] = "hello";
> ?>
>
> and second.php
>
> > session_start();
> print $_SESSION['test'];
> ?>
>
> What I would like is when I first visithttp://www.mydomain1.com/first.php
> and then visithttp://www.mydomain2.com/second.phpto have the word
> "hello" printed. Does anyone know how to adjust the above scripts or
> my environment to make this possible?
>
> Thanks, - Dave

I'll assume you're using cookies for sessions. In which case the
question is how you get a cookie from one site set when you are
accessing another.

The solution is to suck in pages from both mydomain1 and mydomain2 at
the point where the session is established. This could be done with
frames or by redirection. Life's probably a lot simpler if you pass
across the generated session id from one to the other, but you need to
be wary of session fixation. Otherwise you'll probably need to write
your own session handler to maintain 2 sessions alive and in sync.

HTH

C.

Re: keeping session data across two domains

am 24.09.2007 22:59:01 von laredotornado

On Sep 24, 3:51 pm, "C." wrote:
> On 24 Sep, 20:58, "laredotorn...@zipmail.com"
>
>
>
>
>
> wrote:
> > Hi,
>
> > I'm using PHP 4.4.4. I have two domains --www.mydomain1.comandwww.mydomain2.com. Both point to the same IP address. I have two
> > pages on that IP -- first.php
>
> > > > session_start();
> > $_SESSION['test'] = "hello";
> > ?>
>
> > and second.php
>
> > > > session_start();
> > print $_SESSION['test'];
> > ?>
>
> > What I would like is when I first visithttp://www.mydomain1.com/first.php
> > and then visithttp://www.mydomain2.com/second.phptohave the word
> > "hello" printed. Does anyone know how to adjust the above scripts or
> > my environment to make this possible?
>
> > Thanks, - Dave
>
> I'll assume you're using cookies for sessions. In which case the
> question is how you get a cookie from one site set when you are
> accessing another.
>
> The solution is to suck in pages from both mydomain1 and mydomain2 at
> the point where the session is established. This could be done with
> frames or by redirection. Life's probably a lot simpler if you pass
> across the generated session id from one to the other, but you need to
> be wary of session fixation. Otherwise you'll probably need to write
> your own session handler to maintain 2 sessions alive and in sync.
>
> HTH
>
> C.- Hide quoted text -
>
> - Show quoted text -

Thanks for your response, C. Regarding

> Life's probably a lot simpler if you pass
> across the generated session id from one to the other

hate to be dense, but how do you do that? - Dave

Re: keeping session data across two domains

am 25.09.2007 14:01:28 von colin.mckinnon

On 24 Sep, 21:59, "laredotorn...@zipmail.com"
wrote:
> On Sep 24, 3:51 pm, "C." wrote:
>
>
>
> > On 24 Sep, 20:58, "laredotorn...@zipmail.com"
>
> > wrote:
> > > Hi,
>
> > > I'm using PHP 4.4.4. I have two domains --www.mydomain1.comandwww.mydomain2.com. Both point to the same IP address. I have two
> > > pages on that IP -- first.php
>
> > The solution is to suck in pages from both mydomain1 and mydomain2 at
> > the point where the session is established. This could be done with
> > frames or by redirection. Life's probably a lot simpler if you pass
> > across the generated session id from one to the other, but you need to
> > be wary of session fixation. Otherwise you'll probably need to write
> > your own session handler to maintain 2 sessions alive and in sync.
>
> > HTH
>
> > C.- Hide quoted text -
>
> > - Show quoted text -
>
> Thanks for your response, C. Regarding
>
> > Life's probably a lot simpler if you pass
> > across the generated session id from one to the other
>
> hate to be dense, but how do you do that? - Dave

When you start the session on, say domain1, include an iframe with a
hidden div, and pass the sessionid to a page in domain2 which sets a
session cookie:

e.g. www.domain1.com/logged_in.php...

if (session_id()=='') {
create_new_session=true;
}
session_start();

// .... start doing the page header and body...

// ... at the very end of the page, before the tag....

if (create_new_session) {
session_commit();
$url="www.domain2.com/sync_session.php?usesess=";
$url.=base64encode(encrypt(session_id() . '/' . time(),
's3cr3t'));
// I've not spelled out how to use mcrypt
print "