passing session data to remote frame resource

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

james_k
Forum Newbie
Posts: 7
Joined: Wed May 18, 2005 9:27 am
Location: Toronto

Post by james_k »

The scenario is an extranet that uses a single sign-on to log the user into various web applications. The landing page on login is a 3-frame page and starts a session with some basic variables.

I'm just curious how remote-resources in a frame are handled in the session -- are they a part of the active session or do they generate their own?

Reason being I'd like to pass session variables to the frame and the remote script. Is that even possible?

I've been digging through these forums and will be going through some of the resources in the sticky, but if anyone can offer up some ideas or discussion, I'd really appreciate it.

Cheers,

-J
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the session data would have to be passed via URL or a form submission if the "remote" page is off-domain.. Technically, it is possible to share the session data between different domains as long as they have access to a central repository of the information, but it can be fairly painful, to say the least..
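
Added example, not part of the thread or any poster's code: one way to combine the two options described in the reply above, passing only a short-lived, single-use ticket in the frame URL while the session values stay in a central store that both applications can reach. The in-memory SQLite database, the table and function names, the sample user data and the frame URL are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Stand-in for the central repository both domains can reach (assumption:
// in production this is a shared database or cache, not in-memory SQLite).
function openStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE handoff (token_hash TEXT PRIMARY KEY, payload TEXT, expires INTEGER)');
    return $db;
}

// Portal side: store only what the framed app needs and return an opaque ticket.
// Only a hash of the ticket is stored, so a leaked table cannot be replayed.
function issueTicket(PDO $db, array $data, int $ttl = 30): string {
    $ticket = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO handoff VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $ticket), json_encode($data), time() + $ttl]);
    return $ticket;
}

// Remote side: redeem the ticket once. The row is deleted on every attempt,
// so a URL copied from history, logs or a Referer header fails on reuse.
function redeemTicket(PDO $db, string $ticket): ?array {
    $hash = hash('sha256', $ticket);
    $db->beginTransaction();
    $sel = $db->prepare('SELECT payload, expires FROM handoff WHERE token_hash = ?');
    $sel->execute([$hash]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    $del = $db->prepare('DELETE FROM handoff WHERE token_hash = ?');
    $del->execute([$hash]);
    $db->commit();
    // Accept only if this request removed the row and it had not expired.
    if ($row === false || $del->rowCount() !== 1 || (int)$row['expires'] < time()) {
        return null;
    }
    return json_decode($row['payload'], true);
}

$db = openStore();
$ticket = issueTicket($db, ['user' => 'jdoe', 'role' => 'staff']); // constructed sample data
// Hypothetical remote frame URL: it carries the ticket, never the session values.
echo 'https://app.example.net/frame.php?ticket=' . urlencode($ticket), "\n";
var_dump(redeemTicket($db, $ticket));             // first redemption by the remote app
var_dump(redeemTicket($db, $ticket));             // same ticket presented again
var_dump(redeemTicket($db, str_repeat('0', 64))); // ticket that was never issued
```

The remote application would start its own session from the redeemed values; serving both sides over HTTPS keeps the ticket from being read in transit during its short lifetime.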
james_k
Forum Newbie
Posts: 7
Joined: Wed May 18, 2005 9:27 am
Location: Toronto

Post by james_k »

via URL is scary to me... was hoping I could avoid doing POST too, but I guess that's the quick way of doing it.

Still not entirely safe though -- anyway

Thanks.

When I get the chance I'll be redesigning this thing to use a central LDAP server. Any recommended reading for using LDAP with PHP?

All the best,

-J
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

not specifically.. but the LDAP section in the PHP manual has quite a bit of information: http://php.net/ldap