I have a php site which has a menu frame and a data frame.
The php site uses sessions and works great across both frames, but when I load this site into a frameset which is stored on another domain the session acts all wierd. On investigation I see this will happen
I'm doing this because ... my customer has a domain name and wants to point at my php site but have the address bar show his domain name, thus I have framed it.
If I log into the menu frame it understands the session variable which is great, but the data frame doesn't recognise the session variable, which I assume is because I'm across multiple domains.
The menu frame calls a JavaScript function to launch a URL into data frame. So, could I just pass in a variable which says I'm logged in and have the data frame pick up that variable from the URL and set the session variable in that frame? Is there any security risk in using this method?
... or does anyone have any other ideas?