Page 1 of 1
Sessions Across Multiple Subdomains
Posted: Sun Dec 29, 2002 5:46 pm
by justravis
First, I would look to say I seached the forum archive for the answer to this newbie question, but nothing came up. Sorry.
You know how logging in to mail.yahoo.com also logs u into calendar.yahoo.com? I'm trying to do something similar.
I used sessions WITHOUT cookies to create the original login system. If I want that same session to span across all subdomains, do i need to implement cookies?
If not, can u tell me what I need to do? Or direct me to a turtorial?
Posted: Sun Dec 29, 2002 8:05 pm
by Gen-ik
I know you can't cross actual domains with a session.. and as far as I know it's not possible over sub-domains either.. for exactly the same reason.. security.
I have tried a number of times on my own server with no luck.
Posted: Sun Dec 29, 2002 11:43 pm
by phice
Security, indeed.
What if you owned sub1.jsj234.com, and another person owned sub2.jsj234.com? Then, the sessions created by sub1 would be the same as in sub2.
Hopefully there will be a fix, or something that works around that, without having to use cookies.
Though, Yahoo does use cookies. (I think :/)
Posted: Mon Dec 30, 2002 9:28 am
by Gen-ik
If you have access to one you could always chuck the session information into a Mysql Database so that the other sub-domain has access to the information.. you would then just need to send a variable to the other sub-domain letting it know where the session details were in the database.
Don't know why I didn't think of this in the first place.. doh!
I'm off to try it now.
Posted: Mon Dec 30, 2002 11:08 am
by BDKR
A database is where sessions information is stored in all systems having anykind of real size to them. Otherwise, how would you deal with cookies in a web farm?
Cheers,
BDKR[/i]