Solved

Cross site PHP session

Posted on 2007-11-16
3
772 Views
Last Modified: 2012-05-05
What I'm wanting to do is have one login for multiple sites that I have on one webserver.  

Here's the setup so you can understand a little more
Apache2 is running on a SuSE 10 webserver with several virtual ip addresses and virtual hosst.  Each virtual host is tied to it's own virtual IP instead of being tied to one IP and being dependant upon a DNS name (this is probably not the best way to do it, but it's what I knew at the time I set it up).  The 2 in question are our helpdesk page and our knowledgebase page. For example we'll say the help=10.1.1.100 and kb = 10.1.1.200.  So, if you type helpdesk in your address bar local DNS translates it to the IP and the webserver answers....
Anyway, currently I have a pretty good login situation setup on the helpdesk site so, when you go to the page, it asks you for your login... checks it and creates the session
...
session_start();
  session_name("is");
  while($row = mysql_fetch_array($result))
  {
   
   session_register('uid');
   session_register('fname');
   session_register('lname');
   ...
   $_SESSION['uid'] = $row["ID"];
   $_SESSION['fname'] = $row["FName"];
   $_SESSION['lname'] = $row["LName"];
   ...
  }
...
 
Anyway, that seems to work perfectly, I can logout, destroy the session, and it asks me to log back in.... it also remember my settings, etc.  To ensure I'm logged in every page after that has something up at the top of the page similar to this
 
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(!session_is_registered('uid'))
{
 //the session variable isn't registered, send them back to the login page
 header( "Location: index.php" );
}
?>
 
as mentioned.  It works..... so I (most likely incorrectly) assumed that I could do something similar to this on the top of the kb pages.... hoping it'll remember that I'm already logged into the helpdesk page.  So, I put the following at the top of the main page for the kb
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(!session_is_registered('uid'))
{
 //the session variable isn't registered, send them back to the login page
 header( "Location: https://help.hrmc.org/index.php" );
}
?>
 
but it never actually recognizes that I'm logged in.  If I go to my /var/lib/php5 folder, I can see my php sessions there, so I know they exist on the server.  I'm wondering how I can get it to see that I've already logged in on the other page.  
0
Comment
Question by:chshrmc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 21

Expert Comment

by:nizsmo
ID: 20301686
does it have different domains? if it does, i don't think session variable gets carried forward on different domains.

eg if your original site was help.blah.com and your second site is helpme.blah.com i don't think you can carry the sessions across.

Is setting  a cookie an option?
0
 

Author Comment

by:chshrmc
ID: 20302067
that is correct, it is 2 different domains
help.blah.com and kb.blah.com
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 250 total points
ID: 20302275
Sounds like cookie is a perfect option for this:
http://www.w3schools.com/php/php_cookies.asp

Very good and simple tutorial on cookie creation, deletion, and retrival/usage.

Hope this helps.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question