Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cross site PHP session

Posted on 2007-11-16
3
Medium Priority
?
775 Views
Last Modified: 2012-05-05
What I'm wanting to do is have one login for multiple sites that I have on one webserver.  

Here's the setup so you can understand a little more
Apache2 is running on a SuSE 10 webserver with several virtual ip addresses and virtual hosst.  Each virtual host is tied to it's own virtual IP instead of being tied to one IP and being dependant upon a DNS name (this is probably not the best way to do it, but it's what I knew at the time I set it up).  The 2 in question are our helpdesk page and our knowledgebase page. For example we'll say the help=10.1.1.100 and kb = 10.1.1.200.  So, if you type helpdesk in your address bar local DNS translates it to the IP and the webserver answers....
Anyway, currently I have a pretty good login situation setup on the helpdesk site so, when you go to the page, it asks you for your login... checks it and creates the session
...
session_start();
  session_name("is");
  while($row = mysql_fetch_array($result))
  {
   
   session_register('uid');
   session_register('fname');
   session_register('lname');
   ...
   $_SESSION['uid'] = $row["ID"];
   $_SESSION['fname'] = $row["FName"];
   $_SESSION['lname'] = $row["LName"];
   ...
  }
...
 
Anyway, that seems to work perfectly, I can logout, destroy the session, and it asks me to log back in.... it also remember my settings, etc.  To ensure I'm logged in every page after that has something up at the top of the page similar to this
 
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(!session_is_registered('uid'))
{
 //the session variable isn't registered, send them back to the login page
 header( "Location: index.php" );
}
?>
 
as mentioned.  It works..... so I (most likely incorrectly) assumed that I could do something similar to this on the top of the kb pages.... hoping it'll remember that I'm already logged into the helpdesk page.  So, I put the following at the top of the main page for the kb
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(!session_is_registered('uid'))
{
 //the session variable isn't registered, send them back to the login page
 header( "Location: https://help.hrmc.org/index.php" );
}
?>
 
but it never actually recognizes that I'm logged in.  If I go to my /var/lib/php5 folder, I can see my php sessions there, so I know they exist on the server.  I'm wondering how I can get it to see that I've already logged in on the other page.  
0
Comment
Question by:chshrmc
  • 2
3 Comments
 
LVL 21

Expert Comment

by:nizsmo
ID: 20301686
does it have different domains? if it does, i don't think session variable gets carried forward on different domains.

eg if your original site was help.blah.com and your second site is helpme.blah.com i don't think you can carry the sessions across.

Is setting  a cookie an option?
0
 

Author Comment

by:chshrmc
ID: 20302067
that is correct, it is 2 different domains
help.blah.com and kb.blah.com
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 750 total points
ID: 20302275
Sounds like cookie is a perfect option for this:
http://www.w3schools.com/php/php_cookies.asp

Very good and simple tutorial on cookie creation, deletion, and retrival/usage.

Hope this helps.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
The viewer will learn how to dynamically set the form action using jQuery.
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question