Solved

Cross site PHP session

Posted on 2007-11-16
3
770 Views
Last Modified: 2012-05-05
What I'm wanting to do is have one login for multiple sites that I have on one webserver.  

Here's the setup so you can understand a little more
Apache2 is running on a SuSE 10 webserver with several virtual ip addresses and virtual hosst.  Each virtual host is tied to it's own virtual IP instead of being tied to one IP and being dependant upon a DNS name (this is probably not the best way to do it, but it's what I knew at the time I set it up).  The 2 in question are our helpdesk page and our knowledgebase page. For example we'll say the help=10.1.1.100 and kb = 10.1.1.200.  So, if you type helpdesk in your address bar local DNS translates it to the IP and the webserver answers....
Anyway, currently I have a pretty good login situation setup on the helpdesk site so, when you go to the page, it asks you for your login... checks it and creates the session
...
session_start();
  session_name("is");
  while($row = mysql_fetch_array($result))
  {
   
   session_register('uid');
   session_register('fname');
   session_register('lname');
   ...
   $_SESSION['uid'] = $row["ID"];
   $_SESSION['fname'] = $row["FName"];
   $_SESSION['lname'] = $row["LName"];
   ...
  }
...
 
Anyway, that seems to work perfectly, I can logout, destroy the session, and it asks me to log back in.... it also remember my settings, etc.  To ensure I'm logged in every page after that has something up at the top of the page similar to this
 
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(!session_is_registered('uid'))
{
 //the session variable isn't registered, send them back to the login page
 header( "Location: index.php" );
}
?>
 
as mentioned.  It works..... so I (most likely incorrectly) assumed that I could do something similar to this on the top of the kb pages.... hoping it'll remember that I'm already logged into the helpdesk page.  So, I put the following at the top of the main page for the kb
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(!session_is_registered('uid'))
{
 //the session variable isn't registered, send them back to the login page
 header( "Location: https://help.hrmc.org/index.php" );
}
?>
 
but it never actually recognizes that I'm logged in.  If I go to my /var/lib/php5 folder, I can see my php sessions there, so I know they exist on the server.  I'm wondering how I can get it to see that I've already logged in on the other page.  
0
Comment
Question by:chshrmc
  • 2
3 Comments
 
LVL 21

Expert Comment

by:nizsmo
ID: 20301686
does it have different domains? if it does, i don't think session variable gets carried forward on different domains.

eg if your original site was help.blah.com and your second site is helpme.blah.com i don't think you can carry the sessions across.

Is setting  a cookie an option?
0
 

Author Comment

by:chshrmc
ID: 20302067
that is correct, it is 2 different domains
help.blah.com and kb.blah.com
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 250 total points
ID: 20302275
Sounds like cookie is a perfect option for this:
http://www.w3schools.com/php/php_cookies.asp

Very good and simple tutorial on cookie creation, deletion, and retrival/usage.

Hope this helps.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If I have to fix slow responding website my first thoughts are server side optimizations: the database may not be optimized or caching is not enabled, or things like that. We often overlook another major part of our web application: the client. We o…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question