how to keep track of the session ID across domains

Hi all,

We have about 10 different domains that are linked very closely and we
want to identify and keep track of every single user that surfs our
websites by the use of sessions.

The problem is how to keep track of the session ID across domains.

- cookies don't work because they are not accepted by 40% of our users and
cookies don't work across domains
- passing of the PHPSESSID over a form is molesting because all links
have to be forms
- automatic passing in links by the use of trans_id doesn't work. All
links have to be relative. This is not possible when the link is on
another domain
- manual passing of the PHPSESSID would work but is a pain in the butt
since all of the links have to be altered manually in thousands of php
files.

Our domains are located on the same instance of the apache server and
the 4th method would work well.

Maybe a trick would work out well.
I have been trying to include a php logger file (located in the main
domain directory) in the footer of all of our sites where the session
is started and data is logged.
The results were different Session IDs even for websites on the same
domain....

Maybe also a manual session.save_handler (in php.ini) would help.

The things are quite a bit complicated and I would appreciate your help
very much.

Dennis

Jul 17 '05 #1
d.********@gmx.net wrote:
> Hi all,
>
> We have about 10 different domains that are linked very closely and we
> want to identify and keep track of every single user that surfs our
> websites by the use of sessions.

You're fighting a losing battle: it's a key security feature of a web
browser that information provided by one website is not visible by another
unless explicitly passed in a POST/GET. Some of the answers you could come
up with may undermine this behaviour - if so, they will not be portable
across browsers and are likely to be fixed in future.
> The problem is how to keep track of the session ID across domains.
>
> - cookies don't work because they are not accepted by 40% of our users and
> cookies don't work across domains
So if your customers won't even trust cookies, they are unlikely to want to
install a custom client certificate.
> - manual passing of the PHPSESSID would work but is a pain in the butt
> since all of the links have to be altered manually in thousands of php
> files.
....this looks the most viable solution. Why would they need to be altered
manually? You could script any changes to HREF='...' and flag up any
'<FORM>', 'header(' and 'location=' for manual processing.

An alternative solution might be to put all the sites behind a frame, & use
javascript cookies from the inner and outer pages, then use a two phase
move to another site (on arrival, php sees no session id, includes
javascript to query outer frame for sessionid and sets cookie then do a
frame-bust to a frameset page hosted on the 'local' domain, when PHP
generates the resultant inner page, it *has* a sessionid, so it includes
javascript to update the sessionid into the frame). That's kind of messy
though and might not be workable.
> Maybe a trick would work out well.
> I have been trying to include a php logger file (located in the main
> domain directory) in the footer of all of our sites where the session
> is started and data is logged.
> The results were different Session IDs even for websites on the same
> domain....


Are you sure? I've found the sessions thing to be very reliable, although it
is quite easy to ^&%$ it up from your own code. How can you tell that
you've assigned a new session ID server-side? You can't discriminate on the
basis of client IP address, or the headers sent by the browser.

C.
Jul 17 '05 #2
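
The scripted rewrite suggested in the reply above, as an added example that is not code from either poster: it appends the session ID to static `href`s that point at an allowlist of sibling domains, and flags `<form>`, `header(`, `location=` and PHP-built links for manual processing. The domain names and the names `SIBLINGS`, `SID_PHP` and `rewrite_source` are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumed sibling domains (constructed names). Only links to these hosts get
# the ID appended, so it is never written into links to outside sites.
SIBLINGS = {"shop.example", "news.example"}
# PHP emitted into each link; session_name() and session_id() are PHP built-ins.
SID_PHP = "<?php echo session_name() . '=' . urlencode(session_id()); ?>"

PHP_BLOCK = re.compile(r"(<\?.*?(?:\?>|\Z))", re.S)  # includes an unclosed <?php
HREF = re.compile(r"""(href\s*=\s*)(["'])(https?://[^"'<>]+)\2""", re.I)
OPEN_HREF = re.compile(r"""href\s*=\s*["'][^"']*\Z""", re.I)
IN_HTML = re.compile(r"<form\b|location\s*=", re.I)
IN_PHP = re.compile(r"<form\b|location\s*=|\bheader\s*\(|href\s*=", re.I)

def _with_sid(m):
    prefix, quote, url = m.groups()
    if (urlsplit(url).hostname or "").lower() not in SIBLINGS:
        return m.group(0)
    base, sep, frag = url.partition("#")  # the ID goes before any #fragment
    joiner = "&amp;" if "?" in base else "?"
    return f"{prefix}{quote}{base}{joiner}{SID_PHP}{sep}{frag}{quote}"

def rewrite_source(text):
    """Return (new_text, flags); flags are (line_no, line) for manual review."""
    chunks, flags, out, line_no = PHP_BLOCK.split(text), [], [], 1
    for i, chunk in enumerate(chunks):
        is_php = i % 2 == 1  # re.split puts the PHP blocks at odd indexes
        lines = chunk.split("\n")
        for off, line in enumerate(lines):
            if (IN_PHP if is_php else IN_HTML).search(line):
                flags.append((line_no + off, line.strip()))
        nxt = chunks[i + 1] if i + 1 < len(chunks) else ""
        # An href that runs into a PHP block is built dynamically: flag it,
        # unless that block is the snippet an earlier run of this script added.
        if not is_php and nxt != SID_PHP and OPEN_HREF.search(chunk):
            flags.append((line_no + len(lines) - 1, lines[-1].strip()))
        out.append(chunk if is_php else HREF.sub(_with_sid, chunk))
        line_no += len(lines) - 1
    return "".join(out), flags

# Constructed sample page, not taken from the thread.
SAMPLE = """<a href="http://shop.example/cart.php?id=7#top">Cart</a>
<a href='http://news.example/'>News</a>
<a href="http://other.example/">Partner</a>
<form action="http://shop.example/search.php">
<?php
header("Location: http://news.example/login.php");
echo '<a href="http://shop.example/">Shop</a>';
"""
```

Session IDs carried in URLs end up in server logs and `Referer` headers, which is why the rewrite is restricted to the allowlisted hosts and leaves every other link untouched.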
