Sessions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

Sessions

Post by Smackie »

Does anyone know how i can keep a session going when i go from like http://www.mysite.com to like https://myhost.dns.com/~username? (the second name is so the page is secured if someone can help me please leave a message..

Thank you
Smackie
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You'll have to transfer the session via a separate process, such as through the database.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

You can pass the session id manually and then attempt to restart the session with the id that was passed. This is a common way to prevent the "dropped cart" problem of virtual hosts with shared SSL servers.

There are security issues with this method, so make sure that you have a way to verify that the session is not being spoofed. Usually you generate a unique key on the calling side, save it in the session, pass it as a parameter, and then check for a match between the parameter and the values in the session on the receiving page.
(#10850)
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

feyd wrote:You'll have to transfer the session via a separate process, such as through the database.
do you mean to say that two hosts should share the session details table?

aborint do you mean to get session id from another host and register using $_SESSION['PHPSESSID'] = $new_id??

This is new to me...can you guys give more information on doing this??
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

No, there is only one host, that second URL is the 'real' url to his site and he is set up as a virtualhost. He is simply passing the session_id in the GET string or through POST data and creating the session from that with session_id()
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

raghavan20 wrote: aborint do you mean to get session id from another host and register using $_SESSION['PHPSESSID'] = $new_id??

This is new to me...can you guys give more information on doing this??
I am not clear on the exact problem, but you can have trouble when you want to go back and forth between two domains on the same server and maintain the session. (if they are two separate servers then you need a shared DB solution)

I was thinking of code like this on the receiving page:

Code: Select all

$sessionid = preg_replace('/[^a-zA-Z0-9\_\-]/', '', $_GET['PHPSESSIONID']);
$uniqueid = preg_replace('/[^a-zA-Z0-9\_\-]/', '', $_GET['UNIQUEID']);
session_start($sessionid); // force session to start with passed ID
if (! isset($_SESSION['UNIQUEID'] || ($_SESSION['UNIQUEID'] != $uniqueid)) {
     die('Invalid session ID');
}
(#10850)
Post Reply