On Sun, Jul 12, 2009 at 12:37, Daniel Kolbo <kolb0...@umn.edu> wrote:
> Hello,
>
> How does one continue a PHP session on a different domain (domain B)
> than the domain (domain A) that started the session?

    Simple answer: you don't.

    Extended answer: you can, but only if the domains reside on the
same physical host, or in a setup where one domain can read the
physical files of another across hosts.  When you store information in
a $_SESSION array, it stores one key (the PHPSESSID value) in a cookie
on the client side, and then stores what is supposed to be a
more-secure version of the cookie - containing all of the stored data
- as a flat file on the server side (usually in /tmp or ~/tmp).  As
such, you shouldn't be able to read them from a different domain....
unless your host is insecure, in which case you won't have to worry only
about this, but also full cross-site-scripting vulnerabilities.  Other
options would be "parking" or doing an "addon" domain, or something of
the like.  However, this all gets more into operating system and
network security, and HTTP server configurations.

    Combined answer: you can, but you should really re-evaluate your
code and current capabilities before trying to do so.  You may even
want to consider setting up a trust relationship with a centralized
database such as MySQL to allow the second domain to READ ONLY from
the first.  Check in the database on the first domain to see if a user
is logged in, if they were active within the last x
(seconds|minutes|hours), and from what IP they were logged in.  If
things seem to match up, write the $_SESSION variables for login
without prompting the user to re-authenticate manually.

-- 
</Daniel P. Brown>
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
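
Added example, not part of the original message or of any PHP project code: one way to write the check the reply describes (logged in, active within the last x, same IP) in PHP, with an in-memory SQLite database standing in for the shared read-only MySQL database. The `login_activity` table, its columns, the function names and the 900-second window are assumptions; refusing the handoff when several recent logins share the visitor's IP goes beyond what the reply spells out.

```php
<?php
// Table, column and function names are hypothetical. An in-memory SQLite
// database stands in for the shared read-only MySQL database.
const MAX_IDLE_SECONDS = 900; // the "x" from the reply; value is an assumption

// Returns the user id to log in on domain B, or null to force a manual login.
function findHandoffUser(PDO $db, string $clientIp, int $now): ?int
{
    $stmt = $db->prepare(
        'SELECT user_id FROM login_activity
          WHERE logged_in = 1 AND ip = :ip AND last_active >= :cutoff'
    );
    $stmt->execute([':ip' => $clientIp, ':cutoff' => $now - MAX_IDLE_SECONDS]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    // An IP can be shared (NAT, proxy): several matches are ambiguous, so
    // refuse rather than guess which account the visitor owns.
    return count($rows) === 1 ? (int) $rows[0] : null;
}

// Call on domain B before any output, once findHandoffUser() returns an id.
function startHandoffSession(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // new session id when the login state changes
    $_SESSION['user_id'] = $userId;
}

// Constructed sample data (documentation IP ranges, fixed clock).
$now = 1247416620;
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_activity
    (user_id INTEGER, ip TEXT, last_active INTEGER, logged_in INTEGER)');
$ins = $db->prepare('INSERT INTO login_activity VALUES (?, ?, ?, ?)');
foreach ([
    [1, '192.0.2.10', $now - 60, 1],    // recent, IP not shared
    [2, '192.0.2.20', $now - 7200, 1],  // logged in but idle too long
    [3, '198.51.100.5', $now - 30, 1],  // same IP as user 4
    [4, '198.51.100.5', $now - 45, 1],
] as $row) {
    $ins->execute($row);
}
foreach (['192.0.2.10', '192.0.2.20', '198.51.100.5', '203.0.113.9'] as $ip) {
    $uid = findHandoffUser($db, $ip, $now);
    echo $ip, ' => ', $uid === null ? 'manual login required' : "user $uid", PHP_EOL;
}
```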
