Hi, They are in the same machine. My major concern is with security and the hability to make sure if a user logs in, or adds something to a "shopping cart" in one domain it will be available to the other domain. Can I set call setCookie twice with the same variable name but different domain ? I could set the sessionid and call session_start with the propagated id when/if a user crosses from one domain to another. - mb On 5/14/05, Richard Lynch <ceo@xxxxxxxxx> wrote: > > > On Fri, May 13, 2005 1:06 am, Marek Kilimajer said: > > Richard Lynch wrote: > >> On Thu, May 12, 2005 6:58 am, Shaun said: > >> > >>>$_SERVER['HTTP_HOST'] > >>> > >>>"Mbneto" <mbneto@xxxxxxxxx> wrote in message > >>>news:5cf776b80505120435724fab@xxxxxxxxxxxxxxxxx > >>>Hi, > >>> > >>>I need to access a website (written in php) using two different > >>>domains (www.foo.com and www.bar.com). I must see the same content. > >>> > >>>Since the site uses session and cookie variables I was wondering if > >>>(and how) it's possible to create a session id that is valid for the > >>>domains I'll be using... > >> > >> > >> There is no built-in way to just tell the browser that it's okay for > >> cookie X to work for both foo.com and bar.com > >> > >> You will have to write some code that passes the cookie name/value > >> between > >> foo.com and bar.com > >> > >> You might have a special script like 'propogate_cookie.php' something > >> like: > >> <?php > >> $var = $_REQUEST['var']; > >> $value = $_REQUEST['value']; > >> setcookie($var, $value); > >> ?> > >> > >> Put this on both servers, and then when somebody surfs to foo.com you > >> do: > >> <?php > >> session_start(); > >> $file = > >> file("http://bar.com/propogate_cookie.php?var=PHPSESSID&value="; > >> . session_id()); > >> ?> > > > > The above will deadlock. session_start() locks the session file, then > > you try to read from http://bar.com/propogate_cookie.php, this script > > will try to use the same session file, but it will be never unlocked. > > > > Propagating session id in url when linking across domains and having > > common session storage is completely sufficient. If you are concerned > > user might browse to the other domain by other means than using a link > > from the first domain, you can use a 1x1 pixel image linking to the > > other domain with session id in url. > > I was actually thinking of foo and bar as totally separate machines when I > typed that, mostly. > > But I'm not quite convinced that doing a setcookie on bar.com is going to > deadlock the session from foo.com, even if they use the same file-system. > > It will deadlock if the user tries to have foo and bar windows open at > once, or if the webmaster mixes foo and bar in a single page, but the > setcookie all by itself should not deadlock, I don't think... > > -- > Like Music? > http://l-i-e.com/artists.htm > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
