php keep session active across multiple websites

Hi,
What's the best way of keeping track of a session variable and using it across multiple domains?
I have a login page which links to different services (domains). The session remains active within my main login page and any other pages with the same domain. As soon as I click on one of the links, it gets lost and I can't access it anymore. How do I get over this issue and what's the best way of approaching it?

Here is an example:
main.com (there is a login on main.com)
As soon as the user logs in, he/she will see links to other sites he/she can access:
1.com
2.com
3.com
Once I click on 1.com or 2.com, the session is lost.
I want to give the users the ability to walk through 1.com, 2.com, 3.com without the need to log in again...


Ross

ucsdmbdm Asked:
 
Ionut A. Tudor (PHP Programmer) Commented:
You can't do it, sorry, this would be a big security flaw if one domain can access any other domain's cookies!
Of course it's possible to do it with subdomains of the same domain like agamal suggested, but if you want different domains it's just not possible.
Good luck
0
 
agamal Commented:
0
 
Ionut A. Tudor (PHP Programmer) Commented:
You could try with session_set_save_handler() function to save the sessions to a database and from all those domains to access that DB. You'll need to pass the session id from one domain to another to access the correct values in database. But I can't say for sure if it will work, it's just an option if you would like to try and tell us if it worked. Cheers
0
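Added example (not part of the original thread and not any poster's code): a raw session id placed in a link between domains ends up in browser history, server logs and Referer headers, so one way to hand a login from main.com to 1.com is a short-lived, single-use, HMAC-signed token that the target site verifies before starting its own session. `HANDOFF_KEY`, `issue_handoff()`, `redeem_handoff()` and the `$seen` array (standing in for a shared database table of used token ids) are hypothetical names.

```php
<?php
// Added example: one-time, HMAC-signed login handoff between domains.
// All names and values below are hypothetical / constructed.
const HANDOFF_KEY = 'PLACEHOLDER-replace-with-random-secret-shared-by-the-sites';
const HANDOFF_TTL = 30; // seconds a token stays valid

// On main.com: build the token that goes into the link to the target site.
function issue_handoff(string $userId, string $audience, int $now): string
{
    $payload = json_encode([
        'uid' => $userId,
        'aud' => $audience,                 // only this host may redeem it
        'exp' => $now + HANDOFF_TTL,        // short lifetime
        'jti' => bin2hex(random_bytes(16)), // unique id for replay detection
    ]);
    $body = rtrim(strtr(base64_encode($payload), '+/', '-_'), '=');
    return $body . '.' . hash_hmac('sha256', $body, HANDOFF_KEY);
}

// On the target site: verify the token and return the user id, or null.
function redeem_handoff(string $token, string $thisHost, int $now, array &$seen): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$body, $mac] = $parts;
    // Constant-time MAC comparison before the payload is parsed at all.
    if (!hash_equals(hash_hmac('sha256', $body, HANDOFF_KEY), $mac)) return null;
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims)
        || !isset($claims['uid'], $claims['aud'], $claims['exp'], $claims['jti'])) return null;
    if ($claims['aud'] !== $thisHost || $claims['exp'] < $now) return null;
    if (isset($seen[$claims['jti']])) return null; // link was already used
    $seen[$claims['jti']] = true;
    // A real target site would now call session_start(),
    // session_regenerate_id(true) and store the user id in $_SESSION.
    return $claims['uid'];
}

// Constructed demonstration values.
$seen  = [];
$now   = time();
$token = issue_handoff('user-42', '1.com', $now);
var_dump(redeem_handoff($token, '1.com', $now, $seen)); // first use on the intended site
var_dump(redeem_handoff($token, '1.com', $now, $seen)); // same token presented again
var_dump(redeem_handoff($token, '2.com', $now, $seen)); // token presented to another site
```

The target site creates its own session and cookie after redemption, so no domain ever reads another domain's cookie.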
 
Ray Paseur Commented:
The difference between 1.com and 2.com is as big as the difference between IBM.com and Hitachi.com -- in other words, they are isolated and separate domains.  But there may be hope.  Instead of using different domains, you can use different sub-domains, something like one.mydomain.com and two.mydomain.com, etc.  It's possible to set a cookie that will persist across the subdomains, and that will enable you to create a persistent session across the subdomains.

Here is an example of how to get a session cookie that works across subdomains (they do not work that way by default).
<?php // RAY_session_cookie_domain.php
// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS
error_reporting(E_ALL);


// GET DOMAIN WITHOUT WWW, WITH A LEADING DOT (eregi_replace() WAS REMOVED IN PHP 7)
$host = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
$host = '.' . ltrim($host, '.');

// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
	// EXPIRES = 0 MAKES THIS A SESSION COOKIE; LAST ARGUMENT SETS HTTPONLY
	setcookie($sess_name, session_id(), 0, '/', $host, FALSE, TRUE);
}


// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;


// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
// HTTP_HOST IS CLIENT-SUPPLIED, SO ESCAPE IT BEFORE WRITING IT INTO HTML
$gost = substr($host,1); // STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$dmn_link = htmlspecialchars('http://'    . $gost . '/RAY_dump_session.php', ENT_QUOTES);
$www_link = htmlspecialchars('http://www' . $host . '/RAY_dump_session.php', ENT_QUOTES);

echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>\n";
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>\n";


// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);

echo "</pre>\n";

?>
<form method="post">
<input type="submit" value="CLICK ME" />
</form>


0
 
Ray Paseur Commented:
Here's the code that will visualize the cookie and session values across the domains.  Install these things and run them, and you will get an idea of how it can work for you.

Best regards, ~Ray
<?php // RAY_dump_session.php
error_reporting(E_ALL);
 
// START THE SESSION
session_start();
 
// DISPLAY THE VARS
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);
 
 
 
echo "</pre>\n";


0
 
ucsdmbdm (Author) Commented:
Hi All,
I don't want to keep the session between different sub-domains. It's between completely different domains.

0
 
Ray Paseur Commented:
Sorry, you CAN share between sub-domains, but it just doesn't work that way between domains, and if the PHP security people find a way that makes it work, they will plug the hole.

If you have all the sites running under the same account at a shared hosting server, (like with "parked" domains) you may be able to share a data base.  Then you can program your way around the issue by simulating the session via the data base.  That's a lot of work, and it will lead to a very brittle installation for more reasons than you can anticipate.

I guess what I'm gently trying to say is "there's a right way and a wrong way" and an application design that depends on intimate communication between different domains -- well, I would not go there.

Can't you go back to the architect and tell them that this is an infeasible design?

Anyway, best of luck with your project. ~Ray
0
 
Ionut A. Tudor (PHP Programmer) Commented:
0
 
agamal Commented:
Are these web sites sharing the same MySQL server ... or the same database server ... if yes I think we can make a workaround
0
Question has a verified solution.
