You are here: Re: [PHP] Re: Same sessions / different domains « PHP « IT news, forums, messages
Re: [PHP] Re: Same sessions / different domains

Posted by Mbneto on 05/14/05 14:45

Hi,

They are in the same machine. My major concern is with security and
the hability to make sure if a user logs in, or adds something to a
"shopping cart" in one domain it will be available to the other
domain.

Can I set call setCookie twice with the same variable name but
different domain ? I could set the sessionid and call session_start
with the propagated id when/if a user crosses from one domain to
another.

- mb

On 5/14/05, Richard Lynch <ceo@l-i-e.com> wrote:
>
>
> On Fri, May 13, 2005 1:06 am, Marek Kilimajer said:
> > Richard Lynch wrote:
> >> On Thu, May 12, 2005 6:58 am, Shaun said:
> >>
> >>>$_SERVER['HTTP_HOST']
> >>>
> >>>"Mbneto" <mbneto@gmail.com> wrote in message
> >>>news:5cf776b80505120435724fab@mail.gmail.com...
> >>>Hi,
> >>>
> >>>I need to access a website (written in php) using two different
> >>>domains (www.foo.com and www.bar.com). I must see the same content.
> >>>
> >>>Since the site uses session and cookie variables I was wondering if
> >>>(and how) it's possible to create a session id that is valid for the
> >>>domains I'll be using...
> >>
> >>
> >> There is no built-in way to just tell the browser that it's okay for
> >> cookie X to work for both foo.com and bar.com
> >>
> >> You will have to write some code that passes the cookie name/value
> >> between
> >> foo.com and bar.com
> >>
> >> You might have a special script like 'propogate_cookie.php' something
> >> like:
> >> <?php
> >> $var = $_REQUEST['var'];
> >> $value = $_REQUEST['value'];
> >> setcookie($var, $value);
> >> ?>
> >>
> >> Put this on both servers, and then when somebody surfs to foo.com you
> >> do:
> >> <?php
> >> session_start();
> >> $file =
> >> file("http://bar.com/propogate_cookie.php?var=PHPSESSID&value="
> >> . session_id());
> >> ?>
> >
> > The above will deadlock. session_start() locks the session file, then
> > you try to read from http://bar.com/propogate_cookie.php, this script
> > will try to use the same session file, but it will be never unlocked.
> >
> > Propagating session id in url when linking across domains and having
> > common session storage is completely sufficient. If you are concerned
> > user might browse to the other domain by other means than using a link
> > from the first domain, you can use a 1x1 pixel image linking to the
> > other domain with session id in url.
>
> I was actually thinking of foo and bar as totally separate machines when I
> typed that, mostly.
>
> But I'm not quite convinced that doing a setcookie on bar.com is going to
> deadlock the session from foo.com, even if they use the same file-system.
>
> It will deadlock if the user tries to have foo and bar windows open at
> once, or if the webmaster mixes foo and bar in a single page, but the
> setcookie all by itself should not deadlock, I don't think...
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация