passing session across URLs

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oraknabo
Forum Newbie
Posts: 14
Joined: Mon Oct 07, 2002 5:48 pm

passing session across URLs

Post by oraknabo »

My company has both MYDOMAIN.com and MYDOMAIN.net applied to an IP where I'm building an app. Only MYDOMAIN.net is secure and I've been able to pass the session ID from http://MYDOMAIN.net to https://MYDOMAIN.net without losing the session, but if someone comes through from http://MYDOMAIN.com and needs to access a secure page, the session is killed and a new one is started.

Is it possible to pass a sessionID from a .com to a .net through either POST or GET? I know that if I set ini_set("session.cookie_domain",".MYDOMAIN.net"); I can use multiple subdomains, but is there a way to allow different hostname extensions?

If possible, I'd also like to be able to share the same session between the IP address and the other extensions. Can anybody set me straight?
User avatar
Rook
Forum Newbie
Posts: 10
Joined: Thu Aug 21, 2003 10:40 am
Location: Euless, Tx.
Contact:

Re: passing session across URLs

Post by Rook »

Most likely your Session ID is being set in a cookie so you don't have to pass the ID through the url... So, you should append the Session ID to the query string.

Code: Select all

<?php
echo "<A HREF="www.this.net/index.php?" . strip_tags(SID) . "">link</a>";
?>
That should work...

- Rook.
oraknabo
Forum Newbie
Posts: 14
Joined: Mon Oct 07, 2002 5:48 pm

Post by oraknabo »

I've tried both that and a POST and neither works from .com to .net. Like you say, everything I read makes this look like it should work, but I do a print_r($_SESSION) on the page I'm going to and everything in the session goes to default as soon as I hit the link. The PHP refuses to apply the session to a different URL than the one it was created under.
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

As far as I know you can't pass sessions() across different domains, not even sub-domains, for security reasons.

(hit me with a big stick if I am wrong)
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

You can hack up some custom code to set two session cookies, one specifiying both domains. (If one were a subdomain, this wouldn't be needed, but as the TLD is different you have to play some funny games.)
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

storing session data in a database would go to great lengths to help you solve your problem. if you wanted to, when you first make the jump to the second domain is when you would grab the session data from the database, then on subsequent page requests the session data would already be set for the second domain and no more DB calls would be needed.
Post Reply