PHP session over subdomains on the same server

micmac

Hi all,
Just curious as to whether the following is a secure enough process.
I am currently passing the session_id() like so;
[php
header ("Location: [url]http://[/url]" . $sub_domain . ".designpak.com.au/admin/?" . session_name() . "=" . session_id() . "");
[/code]
from http://www.designpak.com.au
Is this secure or do i need to send it via a form ($_POST)?

Regards,
micmac

devinemke

the default (and more secure) method for session propagation is using cookies. if you do not wish to use cookies then URL parameter (as in your example) is the alternative. be advised that is method will only work if the subdomain is on the same physical server (which i gather it is in your case given this thread's subject line).