losing sessions while resolving links across servers/domains

sdbland

we are doing a small tracking system to track some user requests and seem to be getting confusion over which session is active for a given browser

case: on domain A, a webserver (ASP unfortunately ) has a link wrapped within a link. that wrapper link sends a GET/POST to a server on domain B, a php server, that server records the request, then either forwards the GET through a redirect or creates a page with an autoload form that captures the request and ends up forwarding the POST to the original server

all of this works fine with the first request. keep in mind the requests are all really coming from the browser anyway. the second time we do this on domain A, the browser gets associated with a new session on server B. same browser, domains are the same, but it is now tagged with a new session.

session has not been destroyed, it has not timed out.

is there a problem in a situation like this? have done work with PHP before where we left a domain, went to another and was still logged in with an active session on return many times

have not done redirects to other domains or onload scripts to other domains in that context however

I know this is fairly vague, but anyone have any ideas why the session is lost? data from a previous session still appears to be there, dang nab it. so teh server is recognizing the browsers return

devinemke

how are you propagating your sessions: cookies or URL query string? i would try unconditionally tacking the session id on the URL query string (ie. not rely on trans_id which won't work accross domains anyway)

sdbland

we are relying on the default PHP model of using a sessionid in a cookie.

but what I cannot fidure out is the the session is not across domains. it is always on out domain when interaction happens. yes it may then be forwarded to another domain afterwards, or a page on our domain with an on load javascript might run, but when those items happen, they are on out domain.

when the user gets to our domain, it is off a link like the following in the backtohere,com domain

http://gotohere.com?parm=http://backtohere.com

so we are always on the gotohere.com domain when working with the sessions! the browser does the laod, not the server, so the requests all come from teh same gotohere.com domain.

but they seem to get lost, or at least part of the session data seems to get lost.

we cannot tack on the id to the url as we do not generate the URL. their server does, and wraps it in a url to us