Re: Re: Same sessions / different domains

[Marek Kilimajer <lists@xxxxxxxxxxxxx>]

Richard Lynch wrote:
> On Fri, May 13, 2005 1:06 am, Marek Kilimajer said:
>
> > Richard Lynch wrote:
> >
> > > On Thu, May 12, 2005 6:58 am, Shaun said:
> > >
> > >
> > > > $_SERVER['HTTP_HOST']
> > > >
> > > > "Mbneto" <mbneto@xxxxxxxxx> wrote in message
> > > > news:5cf776b80505120435724fab@xxxxxxxxxxxxxxxxx
> > > > Hi,
> > > >
> > > > I need to access a website (written in php) using two different
> > > > domains (www.foo.com and www.bar.com). I must see the same content.
> > > >
> > > > Since the site uses session and cookie variables I was wondering if
> > > > (and how) it's possible to create a session id that is valid for the
> > > > domains I'll be using...
> > >
> > >
> > > There is no built-in way to just tell the browser that it's okay for
> > > cookie X to work for both foo.com and bar.com
> > >
> > > You will have to write some code that passes the cookie name/value
> > > between
> > > foo.com and bar.com
> > >
> > > You might have a special script like 'propogate_cookie.php' something
> > > like:
> > > <?php
> > >  $var = $_REQUEST['var'];
> > >  $value = $_REQUEST['value'];
> > >  setcookie($var, $value);
> > > ?>
> > >
> > > Put this on both servers, and then when somebody surfs to foo.com you
> > > do:
> > > <?php
> > >  session_start();
> > >  $file =
> > > file("http://bar.com/propogate_cookie.php?var=PHPSESSID&value=";
> > > . session_id());
> > > ?>
> >
> > The above will deadlock. session_start() locks the session file, then
> > you try to read from http://bar.com/propogate_cookie.php, this script
> > will try to use the same session file, but it will be never unlocked.
> >
> > Propagating session id in url when linking across domains and having
> > common session storage is completely sufficient. If you are concerned
> > user might browse to the other domain by other means than using a link
> > from the first domain, you can use a 1x1 pixel image linking to the
> > other domain with session id in url.
>
>
> I was actually thinking of foo and bar as totally separate machines when I
> typed that, mostly.
>
> But I'm not quite convinced that doing a setcookie on bar.com is going to
> deadlock the session from foo.com, even if they use the same file-system.

Now I see what you wrote :) Well, it aint gonna work, you send cookie to 
 php's file() function, not to the browser.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php