|
|
Posted by Richard Lynch on 05/13/05 02:24
On Thu, May 12, 2005 6:58 am, Shaun said:
> $_SERVER['HTTP_HOST']
>
> "Mbneto" <mbneto@gmail.com> wrote in message
> news:5cf776b80505120435724fab@mail.gmail.com...
> Hi,
>
> I need to access a website (written in php) using two different
> domains (www.foo.com and www.bar.com). I must see the same content.
>
> Since the site uses session and cookie variables I was wondering if
> (and how) it's possible to create a session id that is valid for the
> domains I'll be using...
There is no built-in way to just tell the browser that it's okay for
cookie X to work for both foo.com and bar.com
You will have to write some code that passes the cookie name/value between
foo.com and bar.com
You might have a special script like 'propogate_cookie.php' something like:
<?php
$var = $_REQUEST['var'];
$value = $_REQUEST['value'];
setcookie($var, $value);
?>
Put this on both servers, and then when somebody surfs to foo.com you do:
<?php
session_start();
$file = file("http://bar.com/propogate_cookie.php?var=PHPSESSID&value="
.. session_id());
?>
Do the same thing on bar.com (only calling the propoage_cookie.php script
on foo.com instead)
You will also need a custom session handler using the same backend --
probably your database is the simplest example -- so that the session data
is shared between foo.com and bar.com
The down-side here is that ANYBODY could surf to propogate_cookie.php and
set themselves up with whatever session ID they can sniff out, thereby
hijacking the session cookie a little easier, maybe... Though if they can
sniff it out, they could just hijack it on the first server too...
Still, might be worth recording who first issued the cookie (foo.com or
bar.com) in your session data, and then checking that the cookie/session
is still valid when you propogate it, by making sure it's in the database
from the other server already.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|