Sessions between websites I own on same server.

[brown2005]

if($login_count == 1) {

while ($row = mysql_fetch_array($login_sql, MYSQL_ASSOC)) {

$_SESSION['MembersID'] = $row['members_id'];

session_register('MembersID');	

}}

 

this works fine and logs me in on my website with the script and displays the correct id with:

 

if(isset($_SESSION['MembersID'])){

$session_id = $_SESSION['MembersID'];

echo'<li><a href="https://members.selmgec.co.uk/">Welcome, '.$session_id.'</a></li>';

}

 

 

but how can i pass it onto another website i own, using the same database connection.

[BlueSkyIS]

session_register is deprecated and should be forgotten. You can remove that line.

 

You'll need to pass the session id to the second domain one way or another, then the second domain can pick up the session. OR pass pertinent info to the second domain via MySQL/other database, passing a unique key to identify the correct data.

 

more info: http://www.google.com/search?client=safari&rls=en&q=php+pass+sessions+between+domains&ie=UTF-8&oe=UTF-8

[shlumph]

You may be able to do it by setting the same cookie domain to the same under each project. I've only done that with subdomains, though, so I'm not entirely sure.

[BlueSkyIS]

^ that should not work due to different domains. sub-domains yes, different domains no.

[ZulfadlyAshBurn]

you may want to try get or post functions.

 

index.php

$user = $_SESSION['MembersId'];
dirpath = "http://www.anotherwebsite.com/getuser.php?id=";
echo"<a href=$dirpath/$user">Welcome, </a>";

 

http://www.anotherwebsite.com/getuser.php

$userid = $_GET['id'];
echo $userid;

$_SESSION['MembersID'] = "$userid";

[shlumph]

I wouldn't recommend that, unless you add some sort of handshake/token system. Otherwise, I could become any member by simply changing the ID in the URL.

[johnny86]

Missunderstood the problem, you are already using database for sessions.

[brown2005]

Right, I am having a nightmare trying to find information that explains how to do this properly. Please can someone help..

 

if(mysql_num_rows($login_sql) == 1){
session_regenerate_id();

$login_member = mysql_fetch_assoc($login_sql);

$_SESSION['SESS_ID'] = session_id();
$_SESSION['SESS_MEMBER_ID'] = $login_member['members_id'];
$_SESSION['SESS_FIRST_NAME'] = $login_member['firstnames_name'];					
$_SESSION['SESS_LAST_NAME'] = $login_member['surnames_name'];
session_write_close();

 

right that logs people in fine. and displays the four fields on the home page.

 

Now I want to jump from the login website.

 

www.loginhere.co.uk

 

to the website

 

www.website1.co.uk

 

how is the best way to do this.

 

Thanks

[PFMaBiSmAd]

You would be much better off duplicating/replicating the log in data between the two sites.

 

By default the session id is propagated between pages using a cookie and ALL cookies are domain specific. Also, the session data file is owned by the user/account that the web server runs under.

 

So, to make this work between different domains, you must both pass the session id between the pages as a parameter on the end of the URL and you must make the session data available to both web sites (usually by storing it in a database that both web sites can access.)

[brown2005]

You would be much better off duplicating/replicating the log in data between the two sites.

 

By default the session id is propagated between pages using a cookie and ALL cookies are domain specific. Also, the session data file is owned by the user/account that the web server runs under.

 

So, to make this work between different domains, you must both pass the session id between the pages as a parameter on the end of the URL and you must make the session data available to both web sites (usually by storing it in a database that both web sites can access.)

 

I have my own dedicated server, and will have numerous websites on this, who access the same database.

[PFMaBiSmAd]

You are going to need to rewrite all your php scripts to pass the session id on the end of the URL, because php will only add the session id on relative URLs (i.e. URLs within a single domain.) Php won't even put the session id onto the end of an absolute url within a single domain.

[brown2005]

You are going to need to rewrite all your php scripts to pass the session id on the end of the URL, because php will only add the session id on relative URLs (i.e. URLs within a single domain.) Php won't even put the session id onto the end of an absolute url within a single domain.

 

ok, how do I do this please?

[PFMaBiSmAd]

A) I recommend that you read the session handling section of the php documentation - http://www.php.net/manual/en/book.session.php

 

B) I also recommend that you create a set of test scripts to get this working on your server so that you will see what is involved.

 

C) If the session data files cannot be accessed by all the web sites due to permissions and ownership, you will need to find or write a custom session save handler that stores the session data in a database that can be accessed by all the web sites.

 

After you complete A, B, and C above, you will have the background needed to implement this in the actual scripts on your site. If you don't fully understand everything in the steps above, you are going to need to hire a programmer to do this for you.

 

And, you do realize that passing the session id on the end of the URL creates several security risks.