Shafiq Rehman wrote:
Hi, How can I register a session or cookie for two domains. I want to maintain logged user's state when he goes from one domain to other domain. Example Suppose a user is logged in on domain1.com. A cookie is set and user is authenticated from database on the basis of that cookie. When he goes from domain1.com to domain2.com, I want he remains loggedin on domain2.com. I do not want any query string. Is it possible by playing with cookie or session settings? Please advise if anybody has faced such problem.
Evil Haxors face this problem everyday - sovling it involves using security vulnerabilities in browsers (and possibly servers); technically what you ask is not possible - the whole point of cookies is that they are only available to the issuing domain; there is no concept of trusted domains with HTTP. having said that if you allow it to work via something in the URL (e.g. GET param) then it's doable (chap named Mark gave you an answer to this affect). I just had thought for a completely different way of doing it: it requires 3 domains: 1. domain1.com 2. domain2.com 3. domain3.com domain1.com unconditionally/always redirects to domain1.domain3.com domain2.com unconditionally/always redirects to domain2.domain3.com *.domain3.com is where every really happens. all logs/sessions occur under the domain3.com domain - and sharing cookies between subdomains IS allowed :-) hope you understand what I mean.
Regards http://www.phpgurru.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
