httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Pasher <just...@newmediagateway.com>
Subject Re: [users@httpd] Keep session variables alive
Date Fri, 03 Oct 2008 14:11:09 GMT
Cassiel wrote:
> Hi you all,
>
> I would like to keep session variables alive, between two PHP coded 
> website, currently two virtual hosts.
> This is in order to let users login from the main one and then switch 
> between the twos without loosing $_SESSION info.
>
> Any suggestion is appreciated.
>
> regards
> raffaele

A session variable is simply a cookie in the user's browser that holds 
their session ID (unless you happen to be keeping tracking of the 
session ID through the URL, which is a bigger security risk). You won't 
be able to make it work across two different domain names, as this would 
be a security hole. If the two virtualhosts share the same top level 
domain (such as sub1.example.com and sub2.example.com), then it is 
possible as long as the cookie is tied to example.com as opposed to 
sub1.example.com or sub2.example.com.

Otherwise, you'll have to maintain the "link" between the two sites 
yourself, such as passing some sort of hash information from one site to 
the other that tells the site the user's login information. Keep in mind 
this is not the most secure way of doing things, but you just have to 
remember that the browse will think domain1.com and domain2.com are 
completely different web site, even if they are the "same" logically.

-- 
Justin Pasher

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message