php keep session active across multiple websites

Posted on 2009-02-19
Last Modified: 2013-12-12
Hi,
What's the best way of keeping track of a session variable and using it across multiple domains?
I have a login page which links to different services (domains). The session remains active within my main login page and any other pages with the same domain. As soon as I click on one of the links, it gets lost and I can't access it anymore. How do I get over this issue and what's the best way of approaching it:

Here is an example:
main.com (there is a login on main.com)
As soon as the user logs in, he/she will see links to other sites he/she can access:
1.com
2.com
3.com
Once I click on 1.com or 2.com, the session is lost.
I want to give the users the ability to walk through 1.com, 2.com, 3.com without the need to log in again...


Ross

Question by:ucsdmbdm
LVL 8

Expert Comment

by:agamal
ID: 23687489
0
 
LVL 14

Accepted Solution

by:
Ionut A. Tudor earned 2000 total points
ID: 23687508
You can't do it, sorry, this would be a big security flaw if one domain could access any other domain's cookies!
Of course it's possible to do it with subdomains of the same domain like agamal suggested, but if you want different domains it's just not possible.
Good luck
0
 
LVL 14

Expert Comment

by:Ionut A. Tudor
ID: 23687535
You could try the session_set_save_handler() function to save the sessions to a database and access that DB from all those domains. You'll need to pass the session id from one domain to another to access the correct values in the database. But I can't say for sure if it will work, it's just an option if you would like to try and tell us if it worked. Cheers
0
LVL 111

Expert Comment

by:Ray Paseur
ID: 23687920
The difference between 1.com and 2.com is as big as the difference between IBM.com and Hitachi.com -- in other words, they are isolated and separate domains.  But there may be hope.  Instead of using different domains, you can use different sub-domains, something like one.mydomain.com and two.mydomain.com, etc.  It's possible to set a cookie that will persist across the subdomains, and that will enable you to create a persistent session across the subdomains.

Here is an example of how to get a session cookie that works across subdomains (they do not work that way by default).
<?php // RAY_session_cookie_domain.php
// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS
error_reporting(E_ALL);
 
 
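// GET DOMAIN WITHOUT WWW, WITH THE LEADING DOT NEEDED FOR SETCOOKIE
// (eregi_replace() WAS REMOVED IN PHP 7; THIS ALSO WORKS WHEN THE HOST HAS NO WWW)
$host = '.' . preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);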
 
// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
	setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
}
 
 
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;
 
 
// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
$gost = substr($host,1); // STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php';
$www_link = 'http://www' . $host . '/RAY_dump_session.php';
 
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>\n";
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>\n";
 
 
// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);
 
echo "</pre>\n";
 
 
 
?>
<form method="post">
<input type="submit" value="CLICK ME" />
</form>


0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23687928
Here's the code that will visualize the cookie and session values across the domains.  Install these things and run them, and you will get an idea of how it can work for you.

Best regards, ~Ray
<?php // RAY_dump_session.php
error_reporting(E_ALL);
 
// START THE SESSION
session_start();
 
// DISPLAY THE VARS
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);
 
 
 
echo "</pre>\n";


0
 

Author Comment

by:ucsdmbdm
ID: 23688350
Hi All,
I don't want to keep the session between different sub-domains. It's between completely different domains.

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23688379
Sorry, you CAN share between sub-domains, but it just doesn't work that way between domains, and if the PHP security people find a way that makes it work, they will plug the hole.

If you have all the sites running under the same account at a shared hosting server, (like with "parked" domains) you may be able to share a data base.  Then you can program your way around the issue by simulating the session via the data base.  That's a lot of work, and it will lead to a very brittle installation for more reasons than you can anticipate.

I guess what I'm gently trying to say is "there's a right way and a wrong way" and an application design that depends on intimate communication between different domains -- well, I would not go there.

Can't you go back to the architect and tell them that this is an infeasible design?

Anyway, best of luck with your project. ~Ray
0
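The shared-database approach raised in the comments above (passing an identifier between domains, then looking the user up in a database all sites can reach), sketched as an added example that is not code from any participant in this thread. Instead of the raw session id, it passes a random single-use token that expires quickly and is bound to one target site; the `sso_handoff` table, `issueHandoff()` and `redeemHandoff()` are hypothetical names, and in-memory SQLite stands in for the shared database.

```php
<?php
// Added example: one-time handoff token between domains that share a database.
// sso_handoff, issueHandoff() and redeemHandoff() are hypothetical names.

function handoffDb(): PDO
{
    // In-memory SQLite stands in for the database both domains can reach.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sso_handoff (
        token_hash TEXT PRIMARY KEY, user_id INTEGER, target TEXT, expires INTEGER)');
    return $db;
}

// main.com: called for a logged-in user just before redirecting to $target.
function issueHandoff(PDO $db, int $userId, string $target, int $ttl = 30): string
{
    $token = bin2hex(random_bytes(32)); // unguessable and unrelated to the session id
    $stmt  = $db->prepare('INSERT INTO sso_handoff VALUES (?, ?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, $target, time() + $ttl]);
    return $token; // placed in the redirect URL; only its hash is stored
}

// Target site: exchanges the token for a user id, at most once and before expiry.
function redeemHandoff(PDO $db, string $token, string $self): ?int
{
    $hash = hash('sha256', $token);
    $sel  = $db->prepare('SELECT user_id FROM sso_handoff
                          WHERE token_hash = ? AND target = ? AND expires >= ?');
    $sel->execute([$hash, $self, time()]);
    $userId = $sel->fetchColumn();
    // Always burn the token; rowCount() tells us whether this request claimed it.
    $del = $db->prepare('DELETE FROM sso_handoff WHERE token_hash = ?');
    $del->execute([$hash]);
    if ($userId === false || $del->rowCount() !== 1) return null;
    return (int) $userId;
}

// Constructed demo: user 42 on main.com follows the link to 1.com.
$db    = handoffDb();
$token = issueHandoff($db, 42, '1.com');
var_dump(redeemHandoff($db, $token, '1.com')); // first use on the intended site
var_dump(redeemHandoff($db, $token, '1.com')); // replay of the same token
var_dump(redeemHandoff($db, issueHandoff($db, 42, '2.com'), '1.com')); // wrong site
```

On a successful redeem the target site would call session_start() and session_regenerate_id(true) before storing the user id in its own `$_SESSION`, so each domain keeps a separate session cookie and the main site's session id never appears in a URL.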
 
LVL 14

Expert Comment

by:Ionut A. Tudor
ID: 23688418
0
 
LVL 8

Expert Comment

by:agamal
ID: 23688501
Are these web sites sharing the same MySQL server ... or the same database server ... if yes, I think we can make a workaround
0
