>Hello all fellow-hackers
>I am working on a project that includes a number of web sites, which are
>grouped together into one network. Kind of like the ‘OSDN’ network, of which
>Slashdot.org, for example, is a member.
>I need to implement a cross-site session. Using a technique, similar to the
>one described at PHPBuilder
>(http://www.phpbuilder.com/columns/chriskings20001128.php3) I implemented
>this without too much difficulty.
>The links at the top of each site (links to other sites in the network)
>simply include the session id in the GET request:
><a href="http://www.site.com/?sid=1234567";>Site1</a> | <a
>href="http://www.site2.com/?sid=1234567";>Site2</a> | <a
>href="http://www.site3.com/?sid=1234567";>Site3</a> etc
>As per article, the session id is passed between the sites with ease and the
>session from Site 1 can be continued on Site 3 for example.
>However, there are a number of cross-site links in the main body of the site
>(i.e. not in the network link bar at the top of the page) that link various
>articles from one site to another.
>Thus, when a user clicks on one of these cross-site links, s/he cannot
>continue her/his session, as the session ID is not propagated; the
>‘--enable-trans-sid’ option only works on internal links (a very wise design
>choice, may I add).
>However, in my case, I would like to be able to define a list of external
>sites that the ‘--enable-trans-sid’ option works with. (i.e. the sites in
>the network).
>Is this possible?
>If not, which method could I use to propagate the session id between the
>sites in the network?
>I know, it would be possible to manually add the session id to each
>cross-site link, but this is not a great idea, as a number of the links are
>from web site visitors in user-comments / forum posts they have submitted.
>I may be possible to use output buffering to rewrite the cross-site links to
>include the session id (like the ‘--enable-trans-sid’ option works, I
>guess). But, as I am using compression
>(ob_start("zlib.output_compression");), that may not work. Plus, it seems a
>very fiddly method to me.
>Any suggestions from anyone, on how I may perform the cross-site session

Wild Guess:

Would setCookie('user_id', $PHPSESSID, 0, '/othersite.com');

let you get away with setting the cookies for the "other" site?

Surely not, or you could wipe out other site's cookies, or worse, replace
them with hacker data...

But 5 minutes will tell you for sure...

Hey, but all those stupid "Banner Ad" sites give me a cookie from the
*other* guy's site.

All ya gotta do is have three invisible GIFs on all three sites that come
from the *other* sites and the GIF does the set_cookie() of whatever their
user ID is.

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to