[PHP] Sessions /Cross Domain
Are sessions domain specific? What I mean is this. Suppose I have two websites: secure.web.com www.web.com http://www.web.com and both web sites point to the same set of data. If I looking at web page http://www.web.com/index.html http://www.web.com/index.html and have a set of session variables defined and then I call the page https://secure.web.com/index.html https://secure.web.com/index.html do I still have access to the same session variables?
Re: [PHP] Sessions /Cross Domain
Domains are specific, and so you do not get the same sesion variables. here's are ways around this, but you need control of the content of both servers. Cheers, Rob. David Buerer wrote: Are sessions domain specific? What I mean is this. Suppose I have two websites: secure.web.com www.web.com http://www.web.com and both web sites point to the same set of data. If I looking at web page http://www.web.com/index.html http://www.web.com/index.html and have a set of session variables defined and then I call the page https://secure.web.com/index.html https://secure.web.com/index.html do I still have access to the same session variables? -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:[EMAIL PROTECTED] | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions /Cross Domain
Yeah, I believe so, but you could reinitialize them when you jump to the other webserver, or you use one mysql database for sessionmanagement for both webservers. Ciao Sascha - Original Message - From: David Buerer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 18, 2002 7:38 PM Subject: [PHP] Sessions /Cross Domain Are sessions domain specific? What I mean is this. Suppose I have two websites: secure.web.com www.web.com http://www.web.com and both web sites point to the same set of data. If I looking at web page http://www.web.com/index.html http://www.web.com/index.html and have a set of session variables defined and then I call the page https://secure.web.com/index.html https://secure.web.com/index.html do I still have access to the same session variables? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions /Cross Domain
My first assumption would be yes they are domain specific, but it might be possible to cross domains if both domains were run from the same web server and you were to pass the session id between pages manually rather than it being stored in a cookie.. What does everyone else think? - Jacob At 02:06 09/19/2002, Robert Cummings wrote: Domains are specific, and so you do not get the same sesion variables. here's are ways around this, but you need control of the content of both servers. Cheers, Rob. David Buerer wrote: Are sessions domain specific? What I mean is this. Suppose I have two websites: secure.web.com www.web.com http://www.web.com and both web sites point to the same set of data. If I looking at web page http://www.web.com/index.html http://www.web.com/index.html and have a set of session variables defined and then I call the page https://secure.web.com/index.html https://secure.web.com/index.html do I still have access to the same session variables? -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:[EMAIL PROTECTED] | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sessions /Cross Domain
I do have control over the content of both domains...in fact right now it's the identical contenteven the same physical data store on the disk, I just seem to be losing session variables for one reason or another. DAvid -Original Message- From: Robert Cummings [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 11:06 AM To: David Buerer Cc: '[EMAIL PROTECTED]' Subject: Re: [PHP] Sessions /Cross Domain Domains are specific, and so you do not get the same sesion variables. here's are ways around this, but you need control of the content of both servers. Cheers, Rob. David Buerer wrote: Are sessions domain specific? What I mean is this. Suppose I have two websites: secure.web.com www.web.com http://www.web.com and both web sites point to the same set of data. If I looking at web page http://www.web.com/index.html http://www.web.com/index.html and have a set of session variables defined and then I call the page https://secure.web.com/index.html https://secure.web.com/index.html do I still have access to the same session variables? -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:[EMAIL PROTECTED] | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--'
Re: [PHP] Sessions /Cross Domain
Sascha Braun wrote: Yeah, I believe so, but you could reinitialize them when you jump to the other webserver, or you use one mysql database for sessionmanagement for both webservers. Not exactly true, since if they jump to another server, you can make the assumption they have a session cookie if they referrer is given, or if you set their session ID in the URL. This however breaks down if they don't click to the second site but go there without using the first as a jump point. A sneakier, but more effective solution IMHO, is to bury an invisible 1x1 pixel in the first site which is located on the second server and vice versa in the second site. This 1x1 pixel should actually be a PHP script and you pass it the newly generated session ID, or permanent cookie ID, so that the second site can synch up on the same ID, which is only really useful if they use a shared database :) Cheers, Rob. -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:[EMAIL PROTECTED] | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions /Cross Domain
Normaly you store SESSION Data in variables. When you make the step to another domain, you should reassign a new Session and give to data of the old session to the new one. Or isn't is possible to put some date behind an url like www.somedomain.com?check=itout=mh If you are working with databases you just have to take some values out of your session, like username and password, or some like this and find out, what data in the database belongs to this user (basket, or viewed artikels) But you still need to work with one database for both servers, or write all data to both databases (Server1 Server2) Am I wrong are would this work out? Sascha - Original Message - From: David Buerer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 18, 2002 7:48 PM Subject: RE: [PHP] Sessions /Cross Domain I do have control over the content of both domains...in fact right now it's the identical contenteven the same physical data store on the disk, I just seem to be losing session variables for one reason or another. DAvid -Original Message- From: Robert Cummings [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 11:06 AM To: David Buerer Cc: '[EMAIL PROTECTED]' Subject: Re: [PHP] Sessions /Cross Domain Domains are specific, and so you do not get the same sesion variables. here's are ways around this, but you need control of the content of both servers. Cheers, Rob. David Buerer wrote: Are sessions domain specific? What I mean is this. Suppose I have two websites: secure.web.com www.web.com http://www.web.com and both web sites point to the same set of data. If I looking at web page http://www.web.com/index.html http://www.web.com/index.html and have a set of session variables defined and then I call the page https://secure.web.com/index.html https://secure.web.com/index.html do I still have access to the same session variables? -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:[EMAIL PROTECTED] | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions /Cross Domain
That seems to be a more perfekt way. Honorabel, nice. Sascha - Original Message - From: Robert Cummings [EMAIL PROTECTED] To: Sascha Braun [EMAIL PROTECTED] Cc: PHP Mailingliste [EMAIL PROTECTED]; David Buerer [EMAIL PROTECTED] Sent: Wednesday, September 18, 2002 8:16 PM Subject: Re: [PHP] Sessions /Cross Domain Sascha Braun wrote: Yeah, I believe so, but you could reinitialize them when you jump to the other webserver, or you use one mysql database for sessionmanagement for both webservers. Not exactly true, since if they jump to another server, you can make the assumption they have a session cookie if they referrer is given, or if you set their session ID in the URL. This however breaks down if they don't click to the second site but go there without using the first as a jump point. A sneakier, but more effective solution IMHO, is to bury an invisible 1x1 pixel in the first site which is located on the second server and vice versa in the second site. This 1x1 pixel should actually be a PHP script and you pass it the newly generated session ID, or permanent cookie ID, so that the second site can synch up on the same ID, which is only really useful if they use a shared database :) Cheers, Rob. -- .-. | Robert Cummings | :-`. | Webdeployer - Chief PHP and Java Programmer | :--: | Mail : mailto:[EMAIL PROTECTED] | | Phone : (613) 731-4046 x.109 | :--: | Website : http://www.webmotion.com | | Fax : (613) 260-9545 | `--' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sessions /Cross Domain
Have a look at this php.ini setting, I think it will help you! ; The domain for which the cookie is valid. session.cookie_domain = James -Original Message- From: David Buerer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 1:39 PM To: '[EMAIL PROTECTED]' Subject: [PHP] Sessions /Cross Domain Are sessions domain specific? What I mean is this. Suppose I have two websites: secure.web.com www.web.com http://www.web.com and both web sites point to the same set of data. If I looking at web page http://www.web.com/index.html http://www.web.com/index.html and have a set of session variables defined and then I call the page https://secure.web.com/index.html https://secure.web.com/index.html do I still have access to the same session variables? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions /Cross Domain
James's answer is likely what you are looking for. As there are many different ways to maintain sessions, you're going to get many different answers. However, the default behavior for PHP sessions is to assign the unique identifier to a cookie. If this cookie has a domain of .web.com (see James's answer below for how), then Web sites at secure.web.com and www.web.com will both be able to read it. Thus, you would need to make no adjustments; you will be using the same session. This is not cross-domain state management... The only caveat is the case where you are running these two domains on two physically separate machines. If this is the case, the above suggestion won't help you without some work. The work in this case would be to store your session data in a database, because the default behavior is to store it on the filesystem. Since you state, both web sites point to the same set of data, I assume they are either both located on the same machine or both have access to a common database, so one of these methods will work for you. Happy hacking. Chris James E Hicks III wrote: Have a look at this php.ini setting, I think it will help you! ; The domain for which the cookie is valid. session.cookie_domain = -Original Message- From: David Buerer [mailto:[EMAIL PROTECTED]] Suppose I have two websites: secure.web.com www.web.com http://www.web.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
