
What's the best way to maintain sessions on two domains?

gregerly
192 Expert 100+
Hello All,

I'm working on a project right now that will require me to maintain a session on two separate secure domains. So a user logs into domain a, and can quickly switch to domain b without having to re-authenticate. What would be the best way to approach this? Has anyone done anything like this?
Jan 9 '10 #1
xNephilimx
213 Expert 100+
Hi, gregerly.
Quick thought: you may want to store the sessions in a db that has access from both domains and link the session id with the logged-in user, so when the user logs in, you can redirect the user to a remote script on the other site of yours passing the session id in GET, the remote script assigns the session id so all the data will be instantly available for this second domain and then redirect the user back. This will not create a step in the browser's history, though I don't know about the security concerns... it's just what I came up with right now.

Kind regards
Jan 11 '10 #2
dlite922
1,584 Expert 1GB
@xNephilimx

Someone would be able to listen on the TCP traffic and pick up the session ID in the URL. And Voila! someone has access to that session at the new site.

This question was also asked a while back:
http://bytes.com/topic/php/answers/7...ss-two-domains

The solution was to use a hidden iFrame that logs you into the second site when the user logs in to the first site.

I personally stay away from iFrames, but that's for another reason.



Dan
Jan 11 '10 #3
xNephilimx
213 Expert 100+
Great, thanks for the info!
I thought about iframes too, but that's like doing CSRF to your own site... lol.
Maybe saving certain user data, like a hash of ip+browser+something else server-side (plus a timeout of some sort?), so you can compare if the session id request came from the same user, but that won't make it 100% sure that it is the same user.

At the company where I work, this is done for a couple of sites we own, but it's done in perl, and that's not my area of expertise so I can't just peek at the code and figure it out XD.
Jan 12 '10 #4
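
The concerns raised in posts #3 and #4, as an added example that is not from any poster in this thread: instead of putting the session id in the redirect URL, domain A issues a random single-use token with a short timeout and a hash of ip+browser, and domain B redeems it to start its own session. The function names and the `$store` array (standing in for the database both domains can reach) are assumptions for illustration.

```php
<?php
// Added example. $store stands in for the shared database (assumption).

function fingerprint(string $ip, string $userAgent): string {
    // Hash of ip+browser, as suggested in the thread: a hint, not proof of identity.
    return hash('sha256', $ip . "\n" . $userAgent);
}

function issue_handoff(array &$store, int $userId, string $ip, string $ua, int $now, int $ttl = 30): string {
    $token = bin2hex(random_bytes(32));      // random, unrelated to the session id
    $store[hash('sha256', $token)] = [       // only the token's hash is stored
        'user_id' => $userId,
        'fp'      => fingerprint($ip, $ua),
        'expires' => $now + $ttl,
    ];
    return $token;                           // this value goes in the redirect to domain B
}

function redeem_handoff(array &$store, string $token, string $ip, string $ua, int $now): ?int {
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                         // unknown or already used
    }
    $row = $store[$key];
    unset($store[$key]);                     // single use: consumed on the first attempt
    if ($now > $row['expires']) {
        return null;                         // timeout passed
    }
    if (!hash_equals($row['fp'], fingerprint($ip, $ua))) {
        return null;                         // not the client that logged in on domain A
    }
    return $row['user_id'];                  // domain B now starts its own fresh session
}

// Constructed sample run: addresses, user agent and timestamps are made up.
$store = [];
$ua = 'Mozilla/5.0 (constructed sample)';
$t1 = issue_handoff($store, 42, '203.0.113.7', $ua, 1000);
var_dump(redeem_handoff($store, $t1, '203.0.113.7', $ua, 1010));  // first use
var_dump(redeem_handoff($store, $t1, '203.0.113.7', $ua, 1011));  // replay of the same token
$t2 = issue_handoff($store, 42, '203.0.113.7', $ua, 2000);
var_dump(redeem_handoff($store, $t2, '198.51.100.9', $ua, 2005)); // different client address
$t3 = issue_handoff($store, 42, '203.0.113.7', $ua, 3000);
var_dump(redeem_handoff($store, $t3, '203.0.113.7', $ua, 3100));  // after the timeout
```

With a real database the lookup and delete must be one atomic operation, so that two concurrent requests cannot both redeem the same token.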
