ucsdmbdm
asked on
php keep session active across multiple websites
Hi,
What's the best way of keeping track of session variable and using it across multiple domain ?
I have a login page which links to different services (domains). The session remains active within my main loging page and any other pages with the same domain. As soon as I click on one of the links, it gets lost and i can't access it anymore. How do I get over this issue and what's the best way of approaching it:
Here is an example:
main.com (there is a login on main.com)
As soon as the user logs in, he/she will see links to other sites he/she can access:
1.com
2.com
3.com
Once I click on 1.com or 2.com, the session is lost.
I want to give the users the ability to walk through 1.com, 2.com,3.com without the need to login again...
Ross
What's the best way of keeping track of session variable and using it across multiple domain ?
I have a login page which links to different services (domains). The session remains active within my main loging page and any other pages with the same domain. As soon as I click on one of the links, it gets lost and i can't access it anymore. How do I get over this issue and what's the best way of approaching it:
Here is an example:
main.com (there is a login on main.com)
As soon as the user logs in, he/she will see links to other sites he/she can access:
1.com
2.com
3.com
Once I click on 1.com or 2.com, the session is lost.
I want to give the users the ability to walk through 1.com, 2.com,3.com without the need to login again...
Ross
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You could try with session_set_save_handler()
The difference between 1.com and 2.com is as big as the difference between IBM.com and Hitachi.com -- in other words, they are isolated and separate domains. But there may be hope. Instead of using differen domains, you can use different sub-domains, something like one.mydomain.com and two.mydomain.com, etc. It's possible to set a cookie that will persist across the subdomains, and that will enable you to create a persistent session across the subdomains.
Here is an example of how to get a session cookie that works across subdomains (they do not work that way by default).
Here is an example of how to get a session cookie that works across subdomains (they do not work that way by default).
<?php // RAY_session_cookie_domain.php
// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS
error_reporting(E_ALL);
// GET DOMAIN WITHOUT WWW
$host = eregi_replace('^WWW', '', "$_SERVER[HTTP_HOST]");
// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
}
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;
// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
$gost = substr($host,1); // STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$dmn_link = 'http://' . $gost . '/RAY_dump_session.php';
$www_link = 'http://www' . $host . '/RAY_dump_session.php';
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>\n";
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>\n";
// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>\n";
?>
<form method="post">
<input type="submit" value="CLICK ME" />
</form>
Here's the code that will visualize the cookie and session values across the domains. Install these things and run them, and you will get an idea of how it can work for you.
Best regards, ~Ray
Best regards, ~Ray
<?php // RAY_dump_session.php
error_reporting(E_ALL);
// START THE SESSION
session_start();
// DISPLAY THE VARS
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>\n";
ASKER
Hi All,
I don't want to keep the session between different sub-domains. It's between completely different domains.
I don't want to keep the session between different sub-domains. It's between completely different domains.
Sorry, you CAN share between sub-domains, but it just doesn't work that way between domains, and if the PHP security people find a way that makes it work, they will plug the hole.
If you have all the sites running under the same account at a shared hosting server, (like with "parked" domains) you may be able to share a data base. Then you can program your way around the issue by simulating the session via the data base. That's a lot of work, and it will lead to a very brittle installation for more reasons than you can anticipate.
I guess what I'm gently trying to say is "there's a right way and a wrong way" and an application design that depends on intimate communication between different domains -- well, I would not go there.
Can't you go back to the architect and tell them that this is an infeasible design?
Anyway, best of luck with your project. ~Ray
If you have all the sites running under the same account at a shared hosting server, (like with "parked" domains) you may be able to share a data base. Then you can program your way around the issue by simulating the session via the data base. That's a lot of work, and it will lead to a very brittle installation for more reasons than you can anticipate.
I guess what I'm gently trying to say is "there's a right way and a wrong way" and an application design that depends on intimate communication between different domains -- well, I would not go there.
Can't you go back to the architect and tell them that this is an infeasible design?
Anyway, best of luck with your project. ~Ray
Hi ucsdmbdm, have you tried my suggestion ?
http://www.experts-exchang
Hope it works
http://www.experts-exchang
Hope it works
is these web sites sharing the same mysql server ... or same database server ... if yes i think we can make a work around
http://www.webmasterworld.com/forum88/13355.htm
http://www.webmasterworld.com/forum88/7936.htm