Posted by Jochem Maas on 10/16/90 11:36

Shafiq Rehman wrote:
> Hi,
>
> How can I register a session or cookie for two domains. I want to maintain
> logged user's state when he goes from one domain to other domain.
>
> Example
> Suppose a user is logged in on domain1.com. A cookie is set and user is
> authenticated from database on the basis of that cookie. When he goes from
> domain1.com to domain2.com, I want he remains loggedin on domain2.com. I do
> not want any query string. Is it possible by playing with cookie or session
> settings?
>
> Please advise if anybody has faced such problem.

Evil Haxors face this problem everyday - sovling it involves using security
vulnerabilities in browsers (and possibly servers); technically what you ask
is not possible - the whole point of cookies is that they are only available
to the issuing domain; there is no concept of trusted domains with HTTP.

having said that if you allow it to work via something in the URL (e.g. GET
param) then it's doable (chap named Mark gave you an answer to this affect).

I just had thought for a completely different way of doing it:

it requires 3 domains:

1. domain1.com
2. domain2.com
3. domain3.com

domain1.com unconditionally/always redirects to domain1.domain3.com
domain2.com unconditionally/always redirects to domain2.domain3.com

*.domain3.com is where every really happens.

all logs/sessions occur under the domain3.com domain - and sharing
cookies between subdomains IS allowed :-)

hope you understand what I mean.

>
> Regards
> http://www.phpgurru.com
>

[Back to original message]