There is no built-in way to do what you are speaking about here (that I 
know of), but there is a pretty easy technique. However, even this 
requires a lot of work to integrate into your existing code, but it will 
ease all future additions and maintenance.

Keep a variable called something like $next_query_string (so you don't 
confuse it with the current one - you can just use $query or something 
if you prefer brevity), and keep up with any and all variables that you 
may need to include in all of your external links to other affiliated sites.

For example:


For all links where you're wanting to include the session ID in the URL, 
build them as follows:

<a href="<? echo $next_query_string; ?>">Site 3</a>

I'm sure this seems like just as much work, but once in place, your 
development will be much easier.

This will also allow you to add conditional logic to which sites receive 
the "special sauce" in their URL. :-)

if (in_array("", $hosts_allow))
<a href="<? echo $next_query_string; ?>">Site 3</a>
<a href="";>Site 3</a>

This will also allow you to make global changes to how you handle this 
cross-domain session management. I wrote an extensive CDSM specification 
for the USPS to use (if you ever notice, many of their "services" are 
not in the domain) that leverages the HTTP protocol to maintain 
*some* security. I would recommend that you also consider passing 
additional information on the URL that is, for example, some encrypted 
information about the client that would at least be somewhat challenging 
to spoof. This would make it more difficult for someone to impersonate 
your user, since more than just the session ID on the URL would be 
necessary. How secure you want to make this needs to be balanced with 
your performance requirements, of course, because checks do take time.

Just a suggestion.

Happy hacking.


Stefen Lars wrote:

> Hello all fellow-hackers
> I am working on a project that includes a number of web sites, which 
> are grouped together into one network. Kind of like the 'OSDN' 
> network, of which, for example, is a member. 

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to