Share Session with 2 Different Websites Residing on Same Server

[dlebowski]

I need to know if this is even possible.  I have found conflicting information on this online. 

 

Anyway, here is what I want to do.  I have two websites that reside on the same dedicated server.  Both have different IP's.  www.mywebsite1.com and www.mywebsite2.com. 

 

I need a user that logs in at www.mywebsite1.com to be able to pass the $_SESSION from www.mywebsite1.com to www.mywebsite2.com.  Any help on this would be cool.  Thanks in advance.

 

Ryan

[Adam]

Unless the domains both point to the same server you won't be able to do that, as the session data is stored on the server.

[dlebowski]

Both domains are on the same server.  This is my dedicated server with multiple websites setup on it.  I just need mywebsite1.com to pass the session credentials to mywebsite2.com.

[PFMaBiSmAd]

By default, the session id is propagated between pages using a cookie. Cookies are domain specific.

 

To do what you want would require that you pass the session id as a GET parameter on the end of the URL. The can read the session handling section of the php.net documentation to find out how you might do that.

[dlebowski]

I went here http://www.php.net/manual/en/session.idpassing.php and tried this, and it still only works if I use the same website.  So www.mywebsite1.com the session will pass to www.mywebsite1.com/test.php.  I still don't know how to do it over different websites. 

[PFMaBiSmAd]

So, you altered your code so that it would put the session id on the end of URL's and redirects, started a session on the first domain, switched to the other domain, observed that the session id was on the end of the URL being requested on the other domain, started a session on the other domain, and it was or was not the same session data?

 

Are you using the default \tmp session.save_path on both domains so that the session data files would be available to both domains?

[dlebowski]

So, you altered your code so that it would put the session id on the end of URL's and redirects, started a session on the first domain, switched to the other domain, observed that the session id was on the end of the URL being requested on the other domain, started a session on the other domain, and it was or was not the same session data?

 

What I am having a hard time understanding is do I need to use a certain variable for the session id at the end of the url?  For example, does it have to be "www.mywebsite.com/test.php?SESSIONID=" or something else?  Then do I use "GET" the same way on www.mywebsite2.com as I would when I get any other variable value from the URL?  Thanks for helping me.  If I can't get it, I am just going to use my database and pass like 4 different values to the db for authentication.

 

Are you using the default \tmp session.save_path on both domains so that the session data files would be available to both domains?

 

Yes, I am.

[PFMaBiSmAd]

If you force php to pass the session id on the end of the URL, the constant SID will contain the session name and the session id. You can then append this onto the end of the URL. If you are also passing other GET parameters on the end of the URL you will need to take that into account.

 

In just playing with this (setting 'session.use_cookies',0 and 'session.use_trans_sid',1 in the script), you would also need to test and use $_GET['PHPSESSID'] to set the session_id() in order to resume the session on the different domain.

[dlebowski]

Thanks for your help.  I will give it a shot.

[schilly]

I'm looking to do something similar to this. two different domains on the same server that need to share sessions.

 

How do you stop someone from sending a link with the session id to one of their friends and hijacking their session and using their account?

 

I'm also looking at doing this through cURL to try and hide the session id but not exactly sure how.

 

Any help is greatly appreciated.

 

Thanks.

[schilly]

bah already solved. ill start a new thread.

 

http://www.phpfreaks.com/forums/index.php/topic,312798.0.html