sessions across site


redbullmarky

Hi All

Just hoping to get a bit of advice about how to approach this one.
I'm currently redeveloping a client's site. This site is hosted on a server with the www.mysite.com domain name. The new site exists on my own server, and has the same domain name with the co.uk equivalent: www.mysite.co.uk

Now - the new site is not ready, but one particular feature is, which the old site will link to via its navigation.

The new site and the new feature needs to know if the user is logged in on the old site. The old site keeps a user logged in using Session variables.

Can anyone think of the best way that I can pass the session details from the old site to the new without sending them in the clear or exposing any security problems?

Cheers
Mark

Yeah I think you should use databases to communicate between sites.
I don't think cookies would work.

But if you transfer session data (check session.save_path), and can pass the session id using... Maybe that could work, dunno.

[quote=joquius @ Jun 10 2006, 05:17 PM]
well if you ran a DB based session and both sites are working with the same database that would be no problem
[/quote]

Hi
I've actually looked at this one - although the coding on the old site is so poorly coded that getting it hooked up with custom sessions (which the new site actually uses) would be far too much effort. I've thought also about using a script on the old site to $_POST the values to the new site, only once again it's a ballache doing anything with the old code, and as it's unfamiliar territory (POSTing values to a site without forms), I wouldn't be comfortable doing it as I'd want to keep things secure and solid.

Cheers though - any more thoughts from either of you or anyone else would be appreciated

Mark

$_SESSION's when are just serialized arrays. You can do this:

1. Create a mysql database with the fields "session_id" and "session_data".
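2. From the old site, store the user's session_id and serialized session data, like:

[code]// Escape both values: serialized data contains quotes that would break the query
$id = mysql_real_escape_string(session_id());
$data = mysql_real_escape_string(serialize($_SESSION));

mysql_query("INSERT INTO `sessions` (session_id, session_data) VALUES ('$id', '$data')");[/code]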

3. Pass the session ID via post/get
4. Retrieve it from the other site, and populate session variables.
5. Delete the entry.

NOTE: Obviously both sites must access the same database
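The five steps above, written out as an added example (not poirot's code and not from the thread) with one change: the value passed in the link is a random single-use ticket rather than the session ID, so the old site's session ID never appears in a URL or access log. Table, column and function names are hypothetical, the session data is stored as JSON, and an in-memory SQLite database stands in for the shared MySQL database; it assumes PHP 7.1+ with the PDO SQLite driver.

```php
<?php
// Added example: single-use handoff ticket between two sites that share a database.
// Table, column and function names are hypothetical.

function handoff_schema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS handoff (
        ticket_hash TEXT PRIMARY KEY,
        session_data TEXT NOT NULL,
        expires_at INTEGER NOT NULL)');
}

// Old site: store the session data under a fresh random ticket and return the ticket.
function issue_ticket(PDO $db, array $session, int $ttl = 60): string {
    $ticket = bin2hex(random_bytes(32)); // independent of session_id()
    $stmt = $db->prepare('INSERT INTO handoff VALUES (?, ?, ?)');
    // Store only a hash, so reading the table does not reveal usable tickets.
    $stmt->execute([hash('sha256', $ticket), json_encode($session), time() + $ttl]);
    return $ticket; // appended to the link that points at the new site
}

// New site: redeem a ticket at most once. Returns the session data, or null.
function redeem_ticket(PDO $db, string $ticket): ?array {
    $hash = hash('sha256', $ticket);
    $now = time();
    $sel = $db->prepare('SELECT session_data FROM handoff WHERE ticket_hash = ? AND expires_at >= ?');
    $sel->execute([$hash, $now]);
    $data = $sel->fetchColumn();
    // The DELETE decides the winner: of two concurrent requests, only one removes the row.
    $del = $db->prepare('DELETE FROM handoff WHERE ticket_hash = ? AND expires_at >= ?');
    $del->execute([$hash, $now]);
    if ($data === false || $del->rowCount() !== 1) {
        return null;
    }
    return json_decode($data, true);
}

// Constructed demo: in-memory SQLite stands in for the shared MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
handoff_schema($db);

$ticket = issue_ticket($db, ['user_id' => 42, 'logged_in' => true]); // constructed values
var_dump(redeem_ticket($db, $ticket));        // first redemption
var_dump(redeem_ticket($db, $ticket));        // replay of the same ticket
var_dump(redeem_ticket($db, 'never-issued')); // ticket that was never issued
```

On the new site, copy the returned array into $_SESSION and call session_regenerate_id(true) before treating the visitor as logged in.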

You can use this php function:

session_set_cookie_params ( int lifetime [, string path [, string domain [, bool secure]]] )

--try using '.domainname.com' as the domain --starts with '.'
or try '*.domainname.com' --start with '*.'

--the function would have to be reexecuted on every new page.

[quote=mainewoods @ Jun 10 2006, 02:11 PM]
You can use this php function:

session_set_cookie_params ( int lifetime [, string path [, string domain [, bool secure]]] )

--try using '.domainname.com' as the domain --starts with '.'
or try '*.domainname.com' --start with '*.'
[/quote]
I don't think that would be possible.
Or we could all steal other people's sessions, couldn't we?

-it's supposed to work. Read it on user contributed notes on php.net. Usually xxxxx.domain.com would just be a subdomain of the main domain. I never thought of it, but you're right, that would be a security problem on shared web hosts.

I found it in the user contributed notes about halfway down this page:

http://us2.php.net/manual/en/function.setcookie.php

-It has to do with cookies but I assume it has to do with sessions too

--tell me if this actually works because it would be a security risk if it did!
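Whether a cookie Domain value like the ones discussed above can reach another site is decided by the browser's domain-match rule. The following added example (not from the thread or from php.net) implements a simplified form of the RFC 6265 rule and runs it on the thread's host names; the function names and the shop.mysite.com host are hypothetical, and the public-suffix check that browsers also apply is left out.

```php
<?php
// Added example: simplified RFC 6265 cookie domain matching.
// Function names are hypothetical; the public-suffix check is omitted.

// Section 5.1.3: equal, or $host ends with "." . $domain and is not an IP address.
function domain_match(string $host, string $domain): bool {
    $host = strtolower($host);
    $domain = strtolower($domain);
    if ($domain === '') {
        return false; // empty Domain means a host-only cookie, not modeled here
    }
    if ($host === $domain) {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    $suffix = '.' . $domain;
    return strlen($host) > strlen($suffix) && substr($host, -strlen($suffix)) === $suffix;
}

// Would a cookie set by $setter with this Domain attribute be stored, then sent to $target?
function cookie_reaches(string $setter, string $domainAttr, string $target): bool {
    // Section 5.2.3: one leading dot is dropped; nothing treats "*" as a wildcard.
    $domain = (substr($domainAttr, 0, 1) === '.') ? substr($domainAttr, 1) : $domainAttr;
    if (!domain_match($setter, $domain)) {
        return false; // the browser ignores the cookie when it is set
    }
    return domain_match($target, $domain);
}

// Constructed cases using the thread's host names; shop.mysite.com is made up.
$cases = [
    ['www.mysite.com', '.mysite.com',   'shop.mysite.com'],
    ['www.mysite.com', '.mysite.com',   'www.mysite.co.uk'],
    ['www.mysite.com', '.mysite.co.uk', 'www.mysite.co.uk'],
    ['www.mysite.com', '*.mysite.com',  'shop.mysite.com'],
];
foreach ($cases as [$setter, $attr, $target]) {
    printf("%s sets Domain=%s, sent to %s: %s\n", $setter, $attr, $target,
        var_export(cookie_reaches($setter, $attr, $target), true));
}
```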

Hi
Thanks for your suggestions. I think, poirot, that your way would probably be more suitable in this case. The ONLY gripe is that I'm not really a fan of allowing access to a database via anything other than 'localhost', but as it would seem to work, it's prob gonna be the best solution here so far.

Cheers
Mark