|
Posted by Chris Shiflett on 09/21/05 20:25
Steve Lefevre wrote:
> I have a php site on a production server. The production server doesn't
> have the spell libraries, and rather than migrate the site, we setup
> spell checking functions on the development site, and shuttled the users
> back and forth with specially crafted get links and forms.
This sounds ugly, and you're leaving out some important details. My
first question is whether the domain name of the development (well, not
anymore) server is a subdomain of the production server.
> The POST form or GET link on the production site contains the string to
> be spellchecked. Once the user is at the development site, the string is
> spellcheck, and corrected if necessary. The development site checks the
> http referrer to make sure it's not just anybody, and the only thing it
> does is spell checking, anyway.
Checking Referer is useless, because everyone knows what you expect it
to be.
> After the spell checking is done, we then create links that bring the
> user back to the development site. On the development site, I have an
> include at the beginning of each page that checks for a session, and
> either takes them to the proper page, or throws an error if they are
> not on the login page and have no session.
This sounds confusing, but I think it's because you meant to say
production instead of development. Did you?
> Most of the time, no problem. When a user is returning from the
> production site, their session is still set when they load the page
> on the production server, and they get the appropriate page. However,
> for a few users, they are somehow losing session data, and they get
> the error when they try to return from the development server.
Maybe their session is timing out? You're sending them to a different
site, after all.
I think we acn help more if you offer some details, such as how you're
handling sessions. It also sounds like you could avoid all of this
confusion by simply having your production server communicate directly
with your development server. Using the user as a data transport seems
very ugly.
(Also, you didn't mention how cross-site scripting fits in.)
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
Navigation:
[Reply to this message]
|