can i post array to another domain on same server?

mrsocks

post session var array to different domain on same server

hi,

i would like to be able to take a Session variable for a shopping cart and pass it to another page (domain) but on the same server. the domain for the cart is www.cartdomain.com and i need to post all the session info (user id and the contents of the cart stored in an array) to domain https://order.securedomain.com/~cartdomain

In Explorer it works fine , but in Navigator 6.1, the size_of function is returning 0 and sending the user to the home page (that is the function i use so that if someone hits the "checkout " button before they add antyhign to their cart they are just kicked to the home page)

the session code at the top of the normal pages (at http://www.cartdomain.com) is :
session_start();
//session_register('userid','mycart');
if (!$SESSION['userid'])
{ $SESSION['userid'] = MkPassword($length=15); }

and the code at the top of the checkout page (https://order.securedomain.com/~cartdomain) is:
if (!$SESSION['userid'])
{ $SESSION['userid'] = MkPassword($length=15); }

$PHPSESSID = $COOKIE["PHPSESSID"];
$mycart = $SESSION['mycart'];

$size_cart = sizeof($mycart);
if ($size_cart == 0)
{
global $homeurl;
header("Location: $homeurl");
exit;
}

like i said, it works fine in Explorer, but not in Navigator. I am feeling that the array is not being passed.

any advice would be great.

thansk

diego25

Are the session variables stored in a cookie or in a file on the server? If they are stored in a cookie, and IE sends the frst domain's cookie to the second domain, then in my opinion it's a security hole.

What I would do is, since the two domains are on the same computer, store the cart info in a file or database, and only pass the userid to the order.secure script. The oreder.secure script will query the database or get the file for that userid and process the info.

Diego

mrsocks

thanks for the reply.

they are not stored in a cookie, but in a users session. (so i think that there is a file created on the server ) i am trying to get away from haveing to store the cart contents in the a table.

i have tried this on os x with netscape 6.2, 7, IE 5.2 and opera 6, and net 6.1 , 4.7 and IE 5.5 on PC, all work fine. i will try net 6.2 on my 9.2 system tomorrow.

looks as thoguh it is that version of the browser, but i would like to know why....

my question is still the same though. is it possible (htough it is working)? i want to maek sure that this is suppsoed to work liek this and not ust some way i have my browsers set.

hope that makes sense

thanks