Persisting Session data over 2 domains

determinedmoth
Forum Commoner
Posts: 33
Joined: Wed Jul 07, 2004 9:13 am

Persisting Session data over 2 domains

Post by determinedmoth »

I have a multi-geographic site running on 1 central server. For example, I have the following domains pointing to folders within the site root:

domain.co.uk = /site/uk
domain.co.za = /site/za
domain-admin.com = /site/admin

They all use global authentication scripts, and the requirement is that the administrator can log in via domain-admin.com, and session data will carry over all 3 domains.

For now, I can only log in the user under the parent URL.

I'm reluctant to use cookies, or pass the Session ID via the URL.

I have full control over the server, php.ini / apache etc and can edit pretty much anything to make it work.

I hope that makes sense, and thank you.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You have to pass the session ID via the URL. There's no way around it. Cookies won't transfer across domains, you can't rely on their IP, etc.
determinedmoth
Forum Commoner
Posts: 33
Joined: Wed Jul 07, 2004 9:13 am

Post by determinedmoth »

Ok.
I was hoping there would be some hack in Apache to do this.

Thank you.
Ward
Forum Commoner
Posts: 74
Joined: Thu Jul 13, 2006 10:01 am

Post by Ward »

You can't read cookies from other domains, but you are allowed to specify the domain when setting a cookie. What about something like this:

When a user logs in successfully, instead of only setting a cookie for the site he is on, why not set cookies for the other domains as well? Each cookie would need a unique name, but it should work.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I don't think that's possible. I thought cookies would only set if the domain/path was on the domain setting the cookie. I could be wrong about this though.
determinedmoth
Forum Commoner
Posts: 33
Joined: Wed Jul 07, 2004 9:13 am

Post by determinedmoth »

I've tried sending the SID via the URL, but this doesn't work across different URLs either.

I was playing with this:

ini_set('session.referer_check', 'myothersite.com');
session_start();
echo $_SESSION['myvar'];
But it won't work.

Time for a drink. I'll come back to it Monday!
Ward
Forum Commoner
Posts: 74
Joined: Thu Jul 13, 2006 10:01 am

Post by Ward »

I don't think it will work using the same session ID. I'm pretty sure your session ID is tied to the domain it was created for. It is possible to set a cookie for another domain, just not read one from another. For it to work, you'll probably need to create a custom cookie-based login system. I would probably write it as a class, for ease of use.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It's not possible to write cookies for other domains. That would be a massive security hole in a browser if it allowed such an action. You may attempt it, but the browser will ignore the cookie.
determinedmoth
Forum Commoner
Posts: 33
Joined: Wed Jul 07, 2004 9:13 am

Post by determinedmoth »

All the session data is, is the auth level of the user.

I guess when I "link" to the other sites, I could send the info via $_POST to a log in script on the other site.
kbrown3074
Forum Contributor
Posts: 119
Joined: Thu Jul 20, 2006 1:36 pm

Post by kbrown3074 »

I think the $_POST is probably the best way to do it.
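
The idea the thread ends on, POSTing the auth info to a login script on the other site, sketched as an added example that is not code from any poster: the POSTed value is an HMAC-signed, short-lived, single-use token, so the receiving script does not have to trust raw form data. HANDOFF_KEY, the function names and the $seen array (standing in for storage of used nonces shared by all three sites) are assumptions.

```php
<?php
// Added example: signed, short-lived, single-use login handoff between domains.
// HANDOFF_KEY and all function names are hypothetical; keep the real key outside the web root.
const HANDOFF_KEY = 'constructed-demo-key-replace-me';
const HANDOFF_TTL = 30; // seconds a token stays valid

function b64url(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Sending side (e.g. domain-admin.com): value for a hidden field in the POST form.
function issue_handoff(int $authLevel, string $targetHost, int $now): string {
    $payload = json_encode([
        'lvl' => $authLevel,
        'aud' => $targetHost,               // token is valid for this host only
        'exp' => $now + HANDOFF_TTL,
        'jti' => bin2hex(random_bytes(16)), // nonce for the single-use check
    ]);
    $body = b64url($payload);
    return $body . '.' . b64url(hash_hmac('sha256', $body, HANDOFF_KEY, true));
}

// Receiving side: returns the auth level, or null when the token must be rejected.
// $seen is a constructed stand-in for shared storage of already-used nonces.
function accept_handoff(string $token, string $thisHost, int $now, array &$seen): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$body, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $body, HANDOFF_KEY, true));
    if (!hash_equals($expected, $mac)) return null;               // forged or altered
    $p = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($p) || !isset($p['lvl'], $p['aud'], $p['exp'], $p['jti'])) return null;
    if ($p['aud'] !== $thisHost || $now > $p['exp']) return null; // wrong site or expired
    if (isset($seen[$p['jti']])) return null;                     // replayed token
    $seen[$p['jti']] = true;
    return (int) $p['lvl'];
}

// Constructed demo run: first use, replay of the same token, then a tampered token.
$seen = [];
$token = issue_handoff(9, 'domain.co.uk', time());
var_dump(accept_handoff($token, 'domain.co.uk', time(), $seen));
var_dump(accept_handoff($token, 'domain.co.uk', time(), $seen));
var_dump(accept_handoff($token . 'x', 'domain.co.uk', time(), $seen));
```

On the receiving site, a non-null result would be followed by session_start(), session_regenerate_id(true) and storing the level in $_SESSION, so the handoff creates a fresh session rather than reusing an ID that travelled between domains.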