Re: [Phplib-users] Multi-domain sessions?
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] Multi-domain sessions?
|
From: Walters J. P. <jw...@sa...> - 2002-05-12 15:05:24
|
Pardon my feeble attempt at an answer... I believe that w/ cookies you don't have much control over setting one for *another* domain. I think the most control you have is limiting it to the subdomain you're on (mybox.whatever.com) or the whole domain (*.whatever.com). So you need another way to pass around session id's between sites. Remember that the traditional way of pulling it from a cookie will be non-existent, so can you simply pass it in the URL? In any links between sites, add a variable to the url using the GET method (or POST i guess if you want to hide it), then on the destination site do that hack of session4.inc and set their session id to the one passed in. You will want to verify the HTTP_REFERER so that sessions can only be "hi-jacked" by your sites. Justin Walters Today @ 3:45pm, James Stewart typed.. > I posted on this a while back but hadn't really thought through what I > wanted to do. > > I have three sites which all share a single database and which I'd like > to share a single shopping cart. The SSL certificate is only valid for > one of the domains so I definitely need to be able to have that domain > access carts started at either of the other sites. Two of the sites are > on one server and the third is on another, along with the database. > > I'm using session4.inc and I'm guessing the best way to handle this > would be to send three cookies when the user first visits any of the > sites, one from each domain, each containing the session ID. I would > then get the same session ID when the user went to any of the sites > during that browser session. > > My initial attempt to do this involved hacking session4.inc so that if > $cookie_domain is an array it sends a cookie from each domain listed but > this doesn't appear to have worked. My sessions within one site have the > same ID but when I move to either of the other sites I get a different > ID. > > Any ideas? > > James. > > > _______________________________________________________________ > > Have big pipes? SourceForge.net is looking for download mirrors. We supply > the hardware. You get the recognition. Email Us: ban...@so... > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users > _______________________________________________________ 2 common misconceptions 0) Pain is bad. 1) Omniscience necessitates predestination. |
