Using same session variable on multiple domains?
Results 1 to 5 of 5

Thread: Using same session variable on multiple domains?

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    153

    Using same session variable on multiple domains?

    I have two websites that have different domains but I want to use the SAME log in session (so if you log into one and go to the other site you'll still be logged in with the same session). What's the best way to handle this? I'd rather not pass a query string when the user switches sites if possible. Both websites are on the same server and can connect to each others databases already just not sure about how to transfer this session. If anyone has any ideas let me know!

  2. #2
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,671
    Ok ... cookies? You're going to need transference somehow. Why are you afraid of passing the session id in the QS? Could you fake it? Encrypt it? Change it temporarily?

    Another alternative would be keeping your sessions in the database, but AFAIK the browser still has to wear a name tag ... I'm not the most experienced in the bunch here (hello Weedpacket, bradgrafelman, and a host of others), but I'm not seeing much way around this.

    The only other thing I can think of is some sort of AJAX, SOAP, or XML/JSON service that kicks off in the event of a "site switch", but I've nowhere near enough details to tell you exactly how that might be accomplished.
    /!!\ mysql_ is deprecated --- don't use it! Tell your hosting company you will switch if they don't upgrade! /!!!\ ereg() is deprecated --- don't use it!

    dalecosp "God doesn't play dice." --- Einstein "Perl is hardly a paragon of beautiful syntax." --- Weedpacket

    Getting Help at All --- Collected Solutions to Common Problems --- Debugging 101 --- Unanswered Posts --- OMBE: Office Machines, Business Equipment

  3. #3
    Syntax Error
    Join Date
    Feb 2003
    Location
    San Diego, CA
    Posts
    443
    If you don't want to pass anything in the URL I think your only hope is to use the IP address. Maybe manage sessions via database then look up based on IP, then perhaps validate with some sort of salt.

  4. #4
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,390
    Quote Originally Posted by m@tt View Post
    your only hope is to use the IP address
    Definitely NOT. Public IP addresses should never be used to identify a user's requests... there's no guarantee that a user's IP won't change from one request to the next or that hundreds or even thousands of users aren't sharing a single public IP address. (You could even have a combination of the two - many users sharing a small number of IP addresses via a load balancer that directs outgoing requests however it sees fit.)

    @Adamthenewbie: I would also echo dalecosp's question above... what's wrong with using the query string? Note that you could embed some element (e.g. a hidden <img>) in the HTML document on Site1 that points to a PHP script on Site2; that script would accept a SID (for example) via the query string and use it to call session_start(). The result would be that a cookie would be set by the script on Site2 (for Site2, of course) using the same session ID as what was used on Site1.
    Last edited by bradgrafelman; 04-18-2012 at 02:30 PM.

  5. #5
    Syntax Error
    Join Date
    Feb 2003
    Location
    San Diego, CA
    Posts
    443
    Quote Originally Posted by bradgrafelman View Post
    Definitely NOT. Public IP addresses should never be used to identify a user's requests... there's no guarantee that a user's IP won't change from one request to the next or that hundreds or even thousands of users aren't sharing a single public IP address.
    Well I did say IF he doesn't want to pass anything in the URL

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •