Sessions Across Multiple Subdomains

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
justravis
Forum Commoner
Posts: 53
Joined: Mon Dec 16, 2002 3:18 am
Location: San Diego, CA
Contact:

Sessions Across Multiple Subdomains

Post by justravis »

First, I would look to say I seached the forum archive for the answer to this newbie question, but nothing came up. Sorry.

You know how logging in to mail.yahoo.com also logs u into calendar.yahoo.com? I'm trying to do something similar.

I used sessions WITHOUT cookies to create the original login system. If I want that same session to span across all subdomains, do i need to implement cookies?

If not, can u tell me what I need to do? Or direct me to a turtorial?
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

I know you can't cross actual domains with a session.. and as far as I know it's not possible over sub-domains either.. for exactly the same reason.. security.

I have tried a number of times on my own server with no luck.
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

Security, indeed.

What if you owned sub1.jsj234.com, and another person owned sub2.jsj234.com? Then, the sessions created by sub1 would be the same as in sub2.

Hopefully there will be a fix, or something that works around that, without having to use cookies.

Though, Yahoo does use cookies. (I think :/)
Image Image
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

If you have access to one you could always chuck the session information into a Mysql Database so that the other sub-domain has access to the information.. you would then just need to send a variable to the other sub-domain letting it know where the session details were in the database.

Don't know why I didn't think of this in the first place.. doh!

I'm off to try it now.
User avatar
BDKR
DevNet Resident
Posts: 1207
Joined: Sat Jun 08, 2002 1:24 pm
Location: Florida
Contact:

Post by BDKR »

A database is where sessions information is stored in all systems having anykind of real size to them. Otherwise, how would you deal with cookies in a web farm?

Cheers,
BDKR[/i]
Post Reply