Page 1 of 1

Sessions Across Multiple Subdomains

Posted: Sun Dec 29, 2002 5:46 pm
by justravis
First, I would look to say I seached the forum archive for the answer to this newbie question, but nothing came up. Sorry.

You know how logging in to mail.yahoo.com also logs u into calendar.yahoo.com? I'm trying to do something similar.

I used sessions WITHOUT cookies to create the original login system. If I want that same session to span across all subdomains, do i need to implement cookies?

If not, can u tell me what I need to do? Or direct me to a turtorial?

Posted: Sun Dec 29, 2002 8:05 pm
by Gen-ik
I know you can't cross actual domains with a session.. and as far as I know it's not possible over sub-domains either.. for exactly the same reason.. security.

I have tried a number of times on my own server with no luck.

Posted: Sun Dec 29, 2002 11:43 pm
by phice
Security, indeed.

What if you owned sub1.jsj234.com, and another person owned sub2.jsj234.com? Then, the sessions created by sub1 would be the same as in sub2.

Hopefully there will be a fix, or something that works around that, without having to use cookies.

Though, Yahoo does use cookies. (I think :/)

Posted: Mon Dec 30, 2002 9:28 am
by Gen-ik
If you have access to one you could always chuck the session information into a Mysql Database so that the other sub-domain has access to the information.. you would then just need to send a variable to the other sub-domain letting it know where the session details were in the database.

Don't know why I didn't think of this in the first place.. doh!

I'm off to try it now.

Posted: Mon Dec 30, 2002 11:08 am
by BDKR
A database is where sessions information is stored in all systems having anykind of real size to them. Otherwise, how would you deal with cookies in a web farm?

Cheers,
BDKR[/i]