RE: Establishing PHP Session From a Different Host

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Daniel Kolbo
> Daniel Brown wrote:
>> On Sun, Jul 12, 2009 at 12:37, Daniel Kolbo<kolb0057@xxxxxxx> wrote:
>>> Hello,
>>>
>>> How does one continue a php session on a different domain (domain B)
>>> than the domain (domain A) that started the session?
>> 
>>     Simple answer: you don't.
>> 
> 
> Thanks for the responses.
> 
> Re: Simple answer
> I thought of another example.  My bank's website.  I sign-in and
> authenticate with "bank.com".  Then, i click credit card from bank.com
> and i'm redirected to "creditcard.com" without me having to reinput
> user/pass.  They clearly do it (granted they have a lot more resources
> then I do, but i'd still like to know how they are doing it).

My bank also does this, but it only works if Javascript is enabled when
I first log in. Otherwise the initial login fails and I do it again on
the second site. I haven't actually looked at the page sources to see
what they do. But I have NoScript configured to block all JS by default
so the initial login attempt always fails. It also reports blocked XSS
attempts on both pages. So whatever they are doing does not appear to be
very safe.

Bob McConnell

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux