Sessions across multiple domains

Dinky

I am making a webshop and need my sessions on multiple domains.

Why? You ask. Because the website runs on a normal server with no SSL security and when the customer got to checkout I need to use a SSL proxy server from my credit card processing provider.

When the customer gets redirected from e.g. http://www.mydomain.com to https://www.secureserver.com I need to use the same session on both domains.

I can pass the session id with a GET in the url. But if the customer for some reason type in the URL to the checkout page manually it won't work, their will be created a new session instead.

I already use session stored in a Mysql database (I use this script: http://www.zend.com/zend/spotlight/code-gallery-wade8.php?article=code-gallery-wade8&kind=sl&id=3133&open=1&anc=0&view=1 ) That should be part of a solution.

Any ideas?

perrohunter

You can always manage the sessions with cookies that expire after a certain time.

IE: if you are logging the user create a hash valid for X time and then store it on a cookie on the client, this way, if he came back via direct address, you'll be able to read the cookie and check if it's still a valid hash, then just relog the user and continue with the process.

However if the user doesnt have cookies ull be in troubles. There's always a downside on every solution n_n

cheers