473,326 Members | 2,104 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Share session between subdomains?

Hi,

Is it possible to share sessions between subdomains?

Say: the user logs in at www.company.com, and is redirected to
my.company.com. This is a different url for the same application. Can I
keep the session (so I still know WHO has logged in)?

The problem (as I see it) is the session-cookie. If that has a domain
of "www.company.com", it will not be transferred to "my.company.com".
But: a cookie with a domain of just "company.com" will be sent to both
subdomains. Is it possible to set the domain of the session-cookie?

Any other suggestions, apart from storing the identity in
application-state under some id and using that id in the redirect to
retrieve it in the new session?
Hans Kesting
May 5 '06 #1
1 5605
You can keep parts of the session. To do this, set the machine keys, both
encrypt and decrypt, to the same values on each server (not the same values
as each other, but the keys must be the same on both). You also have to set
the exact same cookie name. This allows the two apps to access the same
session cookie. Session number and user name stay consistent.

This will keep the user in session and you will be able to have single sign
on.

Now the bad news. If you are one that sets up a lot of user information in
session, you will have to recreate that info with every subdomain the user
traverses.

One solution is to create the info every time you notice there is no user
info. THis means multiple apps holding the same info, however. The other is
to persist the information and grab on either a session or page
(cache/viewstate) basis. Either one causes dupe info in memory, unless you
grab the info each page hit (ouch).

You can also put the info in a user cookie, but that just switches the
persistence mechanism to the user's drive and causes you to pull from
cookies. It has some other down sides, like the ability to turn off cookies.

What you do depends largely on your state mechanism. Do you grab info as
needed or use session, etc.? That will determine how much info you end up
repeating.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Hans Kesting" <ne***********@spamgourmet.com> wrote in message
news:mn***********************@spamgourmet.com...
Hi,

Is it possible to share sessions between subdomains?

Say: the user logs in at www.company.com, and is redirected to
my.company.com. This is a different url for the same application. Can I
keep the session (so I still know WHO has logged in)?

The problem (as I see it) is the session-cookie. If that has a domain of
"www.company.com", it will not be transferred to "my.company.com".
But: a cookie with a domain of just "company.com" will be sent to both
subdomains. Is it possible to set the domain of the session-cookie?

Any other suggestions, apart from storing the identity in
application-state under some id and using that id in the redirect to
retrieve it in the new session?
Hans Kesting

May 5 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

27
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate...
1
by: steve | last post by:
Hi I am writing an application which ideally requires the creation of subdomains dynamically via asp. However I want all the subdomains to point to 1 asp file, which I wish to use to figure out...
1
by: guoqi zheng | last post by:
I have an application in IIS with a few sub domains assign to it. Is there a way for me to share session data across those subdomains? regards, Guoqi Zheng http://www.ureader.com
3
by: craigkenisston | last post by:
In an application I'm developing I will be using subdomains in the main website to hold some sections of the sites. There will be many serverside generated links that will point to this...
5
by: Joe | last post by:
I have an application which runs in a non-secure environment. I also have an application that runs in a secure environment (both on the same machine). Is there any way to share the session data for...
1
by: loooser | last post by:
Hi, I would just like to know if there is a way to let php keep sessions accross subdomains? I mean sessions with cookies, where the domain should be correctly set. Or maybe I can use SID...
13
by: Samir Chouaieb | last post by:
Hello, I am trying to find a solution to a login mechanism for different domains on different servers with PHP5. I have one main domain with the user data and several other domains that need...
9
by: Josh | last post by:
I run a Joomla website and am familiar with php in some but not all aspects. Currently I am trying to find some solutions related to session handling. Am I correct in saying that "login" is kept...
3
by: Jonathan Wood | last post by:
Perhaps someone who understand Web hosting can offer some insight into this. I have several sites hosted at http://www.crystaltech.com. There were highly recommended and seem pretty good. But...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.