Thanks again for the reply ... i will look into session_set_save_handler. I also did some research on SSO and OpenID (phpMyID) ... sounds like an interesting concept! - Vic On 8/16/07, Chris <dmagick@xxxxxxxxx> wrote: > > Vic Agnews wrote: > > Thanks for the suggestions guys .... I appreciate the help! I guess I'll > > look into creating a custom session handler. Any good references? > > http://php.net/session_set_save_handler shows an example. > > > How my current setup works is, there's session information for > > sub-domain1.domain.com <http://sub-domain1.domain.com> stored in a > > cookie and I want sub-domain2.domain.com <http://sub-domain2.domain.com> > > (which currently does not have authentication/sessions) to be able to > > read that cookie and find out who the user is. I read somewhere that you > > could do this either by using an apache module or .htaccess files or > > configuring php.ini ... > > AFAIK that's completely wrong. Your browser holds the cookie and it > works out the security of which domain can read which cookie. > > -- > Postgresql & php tutorials > http://www.designmagick.com/ >
