--- Marek Kilimajer <[EMAIL PROTECTED]> wrote: > msession provides data storage, but you need a way to associate a > session with browser, this is usualy done with cookies and GET and POST > variables. Since cookies are send only to the originating domain, they > are ruled out if you wont to pass the session ID to another domain. You > need to use GET or POST variable.
Yes, but a cluster (the intended environment for msession) often has a single domain. It can have multiple domains, but I don't think it is safe to assume that is the case here. You can have a virtual IP and a load balancer to distribute the requests, round-robin DNS, or probably some other solution I may not be aware of. Regardless, the browser only distinguishes according to the domain name when deciding which cookies to send. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php