James's answer is likely what you are looking for. As there are many different ways to maintain sessions, you're going to get many different answers.
However, the default behavior for PHP sessions is to assign the unique identifier to a cookie. If this cookie has a domain of .web.com (see James's answer below for how), then Web sites at secure.web.com and www.web.com will both be able to read it. Thus, you would need to make no adjustments; you will be using the same session. This is not cross-domain state management... The only caveat is the case where you are running these two domains on two physically separate machines. If this is the case, the above suggestion won't help you without some work. The work in this case would be to store your session data in a database, because the default behavior is to store it on the filesystem. Since you state, "both web sites point to the same set of data," I assume they are either both located on the same machine or both have access to a common database, so one of these methods will work for you. Happy hacking. Chris James E Hicks III wrote: >Have a look at this php.ini setting, I think it will help you! > >; The domain for which the cookie is valid. >session.cookie_domain = > >-----Original Message----- >From: David Buerer [mailto:[EMAIL PROTECTED]] > >Suppose I have two websites: > secure.web.com > www.web.com <http://www.web.com> > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php