From: Daniel Kolbo
> Daniel Brown wrote:
>> On Sun, Jul 12, 2009 at 12:37, Daniel Kolbo<> wrote:
>>> Hello,
>>> How does one continue a php session on a different domain (domain B)
>>> than the domain (domain A) that started the session?
>>     Simple answer: you don't.
> Thanks for the responses.
> Re: Simple answer
> I thought of another example.  My bank's website.  I sign-in and
> authenticate with "".  Then, i click credit card from
> and i'm redirected to "" without me having to reinput
> user/pass.  They clearly do it (granted they have a lot more resources
> then I do, but i'd still like to know how they are doing it).

My bank also does this, but it only works if Javascript is enabled when
I first log in. Otherwise the initial login fails and I do it again on
the second site. I haven't actually looked at the page sources to see
what they do. But I have NoScript configured to block all JS by default
so the initial login attempt always fails. It also reports blocked XSS
attempts on both pages. So whatever they are doing does not appear to be
very safe.

Bob McConnell

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to