Re: [PHP] Setting cookie for two domains.
Shafiq Rehman wrote: Hi, How can I register a session or cookie for two domains. I want to maintain logged user's state when he goes from one domain to other domain. Example Suppose a user is logged in on domain1.com. A cookie is set and user is authenticated from database on the basis of that cookie. When he goes from domain1.com to domain2.com, I want he remains loggedin on domain2.com. I do not want any query string. Is it possible by playing with cookie or session settings? Please advise if anybody has faced such problem. Evil Haxors face this problem everyday - sovling it involves using security vulnerabilities in browsers (and possibly servers); technically what you ask is not possible - the whole point of cookies is that they are only available to the issuing domain; there is no concept of trusted domains with HTTP. having said that if you allow it to work via something in the URL (e.g. GET param) then it's doable (chap named Mark gave you an answer to this affect). I just had thought for a completely different way of doing it: it requires 3 domains: 1. domain1.com 2. domain2.com 3. domain3.com domain1.com unconditionally/always redirects to domain1.domain3.com domain2.com unconditionally/always redirects to domain2.domain3.com *.domain3.com is where every really happens. all logs/sessions occur under the domain3.com domain - and sharing cookies between subdomains IS allowed :-) hope you understand what I mean. Regards http://www.phpgurru.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setting cookie for two domains.
Shafiq Rehman wrote: How can I register a session or cookie for two domains. I want to maintain logged user's state when he goes from one domain to other domain. My Sat TV provider uses something like what you want to allow me to navigate through their website and the websites of different channels without having to login on each website. Basically how I think they do it: - They have a database with the subscriber information which is shared by all the sites. - When you login, a popup window open (if popups are disabled it happens in your main window) which jumps from domain to domain and set the cookie with your session id. - When you logout the database does no longer contain the session id. The cookie is still set but the site checks the validity of the session id and if it is not valid anymore then you have to login again. So basically: After login you set the session cookie then open a page on the other domain passing the session id to it with GET / POST. That page sets the cookie for that domain and sends the user on in the process. When you logout you can then unset the cookie on the domain and open a page on the other domain to unset the cookie or simply invalidate the session id in a database. If you do this you need to check if the session id is still valid when you open a page. The actual session data should then be in a database (or similar) accessible by both domains. Hope it helps Albert List replies only please!! -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.13/221 - Release Date: 2006/01/04 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setting cookie for two domains.
Hi, How can I register a session or cookie for two domains. I want to maintain logged user's state when he goes from one domain to other domain. Example Suppose a user is logged in on domain1.com. A cookie is set and user is authenticated from database on the basis of that cookie. When he goes from domain1.com to domain2.com, I want he remains loggedin on domain2.com. I do not want any query string. Is it possible by playing with cookie or session settings? Please advise if anybody has faced such problem. Regards http://www.phpgurru.com