Posted by KevinM2k on 10/25/06 09:52

Erwin Moller wrote:
> KevinM2k wrote:
>
> > Hi,
> >
> > I am trying to have 1 template site and have an unlimited number of
> > websites
> > using this template site to call there own information.
> >
> > The sites are exactly the same except for the database, each of the
> > sites
> > also needs there own URL, for example one of these urls may be
> > www.example1.com and the other www.example2.com. These sites are
> > identical
> > apart from the database they call to, one will call to a database
> > called
> > example1 and the other example2. I want another site (for example
> > www.solution.com) to read what url has been entered and to pull in the
> > database for that site (either example1 or example2) and show that
> > information. I have tried using the CURL library without success (not
> > sure
> > how to use it fully) and have tried using frames but had loads of
> > problems
> > regarding losing session data. can anyone help?
>
> Hi,
>
> The reason you loose your sessiondata is simple: The sessionid is stored in
> a cookie together with the domain it belongs to.
> Every request to a certain domain send along the cookie, and the possible
> ppsessid, and so the server can see if it has a session belonging to that
> user.
> Imagine what happens if this was not implemented like this (as in early
> versions of Netscape): You have 2 windows open, one on
> www.wehackforfun.com, and one to your companies intranet. If both sites
> receive all cookies, the former one can easily 'steal your session' to your
> company's intranetsite, simply by reading the name and value of the
> cookie...
>
> If you have 2 different domains, they cannot share a session. (Well, they
> can, but that is less straightforward.)
>
> Bottomline, don't try to share sessions across different domains.
>
> If this is really a requirement, you can set this up only if you own both
> sites, and let them use a common session storageplace (database eg), AND
> let both sites explicitely send the sessionid around via GET, because the
> cookie will not work.
> I am not sure if that is wise, but it can be done.
>
>
> Regards,
> Erwin Moller
>
> >
> > Thanks
> > Kev

Do you have any suggestions on any other way to do this then because I
am completely stuck for ideas.

Thanks

[Back to original message]