473,320 Members | 2,104 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

keeping session data across two domains

Hi,

I'm using PHP 4.4.4. I have two domains -- www.mydomain1.com and
www.mydomain2.com. Both point to the same IP address. I have two
pages on that IP -- first.php

<?php
session_start();
$_SESSION['test'] = "hello";
?>

and second.php

<?php
session_start();
print $_SESSION['test'];
?>

What I would like is when I first visit http://www.mydomain1.com/first.php
and then visit http://www.mydomain2.com/second.php to have the word
"hello" printed. Does anyone know how to adjust the above scripts or
my environment to make this possible?

Thanks, - Dave

Sep 24 '07 #1
3 8269
C.
On 24 Sep, 20:58, "laredotorn...@zipmail.com"
<laredotorn...@zipmail.comwrote:
Hi,

I'm using PHP 4.4.4. I have two domains --www.mydomain1.comandwww.mydomain2.com. Both point to the same IP address. I have two
pages on that IP -- first.php

<?php
session_start();
$_SESSION['test'] = "hello";
?>

and second.php

<?php
session_start();
print $_SESSION['test'];
?>

What I would like is when I first visithttp://www.mydomain1.com/first.php
and then visithttp://www.mydomain2.com/second.phpto have the word
"hello" printed. Does anyone know how to adjust the above scripts or
my environment to make this possible?

Thanks, - Dave
I'll assume you're using cookies for sessions. In which case the
question is how you get a cookie from one site set when you are
accessing another.

The solution is to suck in pages from both mydomain1 and mydomain2 at
the point where the session is established. This could be done with
frames or by redirection. Life's probably a lot simpler if you pass
across the generated session id from one to the other, but you need to
be wary of session fixation. Otherwise you'll probably need to write
your own session handler to maintain 2 sessions alive and in sync.

HTH

C.

Sep 24 '07 #2
On Sep 24, 3:51 pm, "C." <colin.mckin...@gmail.comwrote:
On 24 Sep, 20:58, "laredotorn...@zipmail.com"

<laredotorn...@zipmail.comwrote:
Hi,
I'm using PHP 4.4.4. I have two domains --www.mydomain1.comandwww.mydomain2.com. Both point to the same IP address. I have two
pages on that IP -- first.php
<?php
session_start();
$_SESSION['test'] = "hello";
?>
and second.php
<?php
session_start();
print $_SESSION['test'];
?>
What I would like is when I first visithttp://www.mydomain1.com/first.php
and then visithttp://www.mydomain2.com/second.phptohave the word
"hello" printed. Does anyone know how to adjust the above scripts or
my environment to make this possible?
Thanks, - Dave

I'll assume you're using cookies for sessions. In which case the
question is how you get a cookie from one site set when you are
accessing another.

The solution is to suck in pages from both mydomain1 and mydomain2 at
the point where the session is established. This could be done with
frames or by redirection. Life's probably a lot simpler if you pass
across the generated session id from one to the other, but you need to
be wary of session fixation. Otherwise you'll probably need to write
your own session handler to maintain 2 sessions alive and in sync.

HTH

C.- Hide quoted text -

- Show quoted text -
Thanks for your response, C. Regarding
Life's probably a lot simpler if you pass
across the generated session id from one to the other
hate to be dense, but how do you do that? - Dave

Sep 24 '07 #3
C.
On 24 Sep, 21:59, "laredotorn...@zipmail.com"
<laredotorn...@zipmail.comwrote:
On Sep 24, 3:51 pm, "C." <colin.mckin...@gmail.comwrote:
On 24 Sep, 20:58, "laredotorn...@zipmail.com"
<laredotorn...@zipmail.comwrote:
Hi,
I'm using PHP 4.4.4. I have two domains --www.mydomain1.comandwww.mydomain2.com. Both point to the same IP address. I have two
pages on that IP -- first.php
The solution is to suck in pages from both mydomain1 and mydomain2 at
the point where the session is established. This could be done with
frames or by redirection. Life's probably a lot simpler if you pass
across the generated session id from one to the other, but you need to
be wary of session fixation. Otherwise you'll probably need to write
your own session handler to maintain 2 sessions alive and in sync.
HTH
C.- Hide quoted text -
- Show quoted text -

Thanks for your response, C. Regarding
Life's probably a lot simpler if you pass
across the generated session id from one to the other

hate to be dense, but how do you do that? - Dave
When you start the session on, say domain1, include an iframe with a
hidden div, and pass the sessionid to a page in domain2 which sets a
session cookie:

e.g. www.domain1.com/logged_in.php...

<?php
if (session_id()=='') {
create_new_session=true;
}
session_start();

// .... start doing the page header and body...

// ... at the very end of the page, before the </bodytag....

if (create_new_session) {
session_commit();
$url="www.domain2.com/sync_session.php?usesess=";
$url.=base64encode(encrypt(session_id() . '/' . time(),
's3cr3t'));
// I've not spelled out how to use mcrypt
print "<iframe src=\"$url\" style=\"width:10px;height:5px\"></
iframe>\n";
// nor added the css to make it invisible
}
?>

.....and www.domain2.com/sync_session.php:

<?php

$request_session=decrypt(base64decode($_GET['usesess']), 's3cr3t');
list($use_id,$requested)=explode('/',$request_session);

if ($requested<time()+10) {
// allow a 10 second window to reduce probability of replay attacks
// although a more complete solution would be to set a session
variable in domain1 as a visa and
// reset it here.
set_cookie(session_name(), $use_id);
print "OK, using same session id";
} else {
print "Invalid sync request";
}

?>

....or something like that. Not tested - YMMV.

C.

Sep 25 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: d.schulz81 | last post by:
Hi all, We have about 10 different domains that are linked very closely and we want to identify and keep track of every single user that surfs our websites by the use of sessions. The problem...
6
by: Astra | last post by:
Hi All I've noticed on quite a few ASP sites that when they have a 'MyAccount' section they transfer the site to https and then when you have logged into your account successfully and gone back...
4
by: Le | last post by:
Hello I was wondering if there was a way to keep a user's session info across multple domains For example, company A owns website www.a.com and www.b.com. A user logs into www.a.co and later...
11
by: Vic Spainhower | last post by:
Hello, I just purchased a new domain name and I've set it up as a redirect to a folder on my main site. What is happening is the index.php page checks a session variable to see if the user is...
7
by: Seth | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of...
1
by: guoqi zheng | last post by:
I have an application in IIS with a few sub domains assign to it. Is there a way for me to share session data across those subdomains? regards, Guoqi Zheng http://www.ureader.com
7
by: Doug | last post by:
An ASP.NET session cookie set on "www.mydomain.com" can not be accessed on "search.mydomain.com"; hence, a new session and cookie are being created on every sub-domain. This is occuring because...
13
by: Samir Chouaieb | last post by:
Hello, I am trying to find a solution to a login mechanism for different domains on different servers with PHP5. I have one main domain with the user data and several other domains that need...
9
by: Josh | last post by:
I run a Joomla website and am familiar with php in some but not all aspects. Currently I am trying to find some solutions related to session handling. Am I correct in saying that "login" is kept...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.