On 24 Sep, 21:59, "laredotorn...@zipmail.com"
<laredotorn...@zipmail.com> wrote:
On Sep 24, 3:51 pm, "C." <colin.mckin...@gmail.com> wrote:
On 24 Sep, 20:58, "laredotorn...@zipmail.com"
<laredotorn...@zipmail.com> wrote:
Hi,
I'm using PHP 4.4.4. I have two domains -- www.mydomain1.com and www.mydomain2.com. Both point to the same IP address. I have two
pages on that IP -- first.php
The solution is to suck in pages from both mydomain1 and mydomain2 at
the point where the session is established. This could be done with
frames or by redirection. Life's probably a lot simpler if you pass
across the generated session id from one to the other, but you need to
be wary of session fixation. Otherwise you'll probably need to write
your own session handler to maintain 2 sessions alive and in sync.
HTH
C.
Thanks for your response, C. Regarding
Life's probably a lot simpler if you pass
across the generated session id from one to the other
hate to be dense, but how do you do that? - Dave
When you start the session on, say domain1, include an iframe with a
hidden div, and pass the sessionid to a page in domain2 which sets a
session cookie:
e.g.
www.domain1.com/logged_in.php...
<?php
// session_id() is always '' before session_start(), so look for the
// session cookie to decide whether this request creates a new session
$create_new_session = !isset($_COOKIE[session_name()]);
session_start();
// .... start doing the page header and body...
// ... at the very end of the page, before the </body> tag....
if ($create_new_session) {
    session_commit();
    $url = "http://www.domain2.com/sync_session.php?usesess=";
    // urlencode() because base64 output can contain '+', '/' and '='
    $url .= urlencode(base64_encode(encrypt(session_id() . '/' . time(),
        's3cr3t')));
    // I've not spelled out how to use mcrypt
    print "<iframe src=\"$url\" style=\"width:10px;height:5px\"></iframe>\n";
    // nor added the css to make it invisible
}
?>
.....and
www.domain2.com/sync_session.php:
<?php
$request_session = decrypt(base64_decode($_GET['usesess']), 's3cr3t');
list($use_id, $requested) = explode('/', $request_session);
$age = time() - (int)$requested;
if ($age >= 0 && $age <= 10) {
    // allow a 10 second window to reduce probability of replay attacks
    // although a more complete solution would be to set a session
    // variable in domain1 as a visa and reset it here.
    setcookie(session_name(), $use_id);
    print "OK, using same session id";
} else {
    print "Invalid sync request";
}
?>
....or something like that. Not tested - YMMV.
C.
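
The post above leaves encrypt() and decrypt() unspecified. As an added example (not C.'s code), this is one way to fill them in with an authenticated AES-256-GCM token that also enforces the 10 second window and rejects a token presented twice. It assumes PHP 7.1 or later with the openssl extension; the function names, the shared $key and the $used replay store are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.1+ with the openssl
// extension. Function names, $key and the $used replay store are hypothetical.

const SYNC_WINDOW = 10; // seconds, the window used in the post

// domain1: builds the value for ?usesess= ($key = 32 random bytes shared by both sites)
function make_sync_token(string $sessionId, string $key, int $now): string {
    $iv  = random_bytes(12);                  // fresh GCM nonce per token
    $tag = '';
    $ct  = openssl_encrypt($sessionId . '/' . $now, 'aes-256-gcm', $key,
                           OPENSSL_RAW_DATA, $iv, $tag);
    return bin2hex($iv . $tag . $ct);         // hex needs no URL escaping
}

// domain2: returns the session id, or null if forged, malformed, stale or replayed
function read_sync_token(string $token, string $key, int $now, array &$used): ?string {
    if (!ctype_xdigit($token) || strlen($token) % 2 !== 0) return null;
    $raw = hex2bin($token);
    if (strlen($raw) < 29) return null;       // 12 nonce + 16 tag + at least 1 byte
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                             OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) return null;        // tag check failed: tampered or wrong key
    $parts = explode('/', $plain);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) return null;
    [$sid, $issued] = $parts;
    $age = $now - (int)$issued;
    if ($age < 0 || $age > SYNC_WINDOW) return null;   // expired or future-dated
    if (!preg_match('/^[A-Za-z0-9,-]{16,256}$/', $sid)) return null;
    $nonce = bin2hex($iv);
    if (isset($used[$nonce])) return null;    // same token presented twice
    $used[$nonce] = $now;                     // caller must persist this between requests
    return $sid;
}

// Constructed demo values
$key  = random_bytes(32);
$used = [];
$sid  = '0123456789abcdef0123456789abcdef';
$tok  = make_sync_token($sid, $key, 1000);
var_dump(read_sync_token($tok, $key, 1005, $used) === $sid);  // first use, inside window
var_dump(read_sync_token($tok, $key, 1006, $used));           // second use of same token
var_dump(read_sync_token(make_sync_token($sid, $key, 1000), $key, 1011, $used)); // stale
$bad = $tok; $bad[30] = $bad[30] === '0' ? '1' : '0';
var_dump(read_sync_token($bad, $key, 1005, $used));           // one hex digit altered
```

The id returned by read_sync_token() is what sync_session.php would pass to setcookie(session_name(), ...).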