On Monday 13 July 2009 14:15:18 Bob McConnell wrote:
> From: Daniel Kolbo
>
> > Daniel Brown wrote:
> >> On Sun, Jul 12, 2009 at 12:37, Daniel Kolbo<kolb0057@xxxxxxx> wrote:
> >>> Hello,
> >>>
> >>> How does one continue a php session on a different domain (domain B)
> >>> than the domain (domain A) that started the session?
> >>
> >> Simple answer: you don't.
> >
> > Thanks for the responses.
> >
> > Re: Simple answer
> > I thought of another example. My bank's website. I sign-in and
> > authenticate with "bank.com". Then, I click credit card from bank.com
> > and I'm redirected to "creditcard.com" without me having to reinput
> > user/pass. They clearly do it (granted they have a lot more resources
> > than I do, but I'd still like to know how they are doing it).
>
> My bank also does this, but it only works if Javascript is enabled when
> I first log in. Otherwise the initial login fails and I do it again on
> the second site. I haven't actually looked at the page sources to see
> what they do. But I have NoScript configured to block all JS by default
> so the initial login attempt always fails. It also reports blocked XSS
> attempts on both pages. So whatever they are doing does not appear to be
> very safe.
>
> Bob McConnell

Just a thought, but as the session ID normally gets automatically added to the header request by a browser, could you not add it into the form itself as you move from one domain to another? Afaik, PHP tends to prefer the PHPSESSID as an element in the $_COOKIE array (or the $_REQUEST array which is made up from the cookie as well) so you might be able to do some clever playing around to achieve the effect?

--
Thanks,
Ash
http://www.ashleysheridan.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
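Added example, not part of the original thread or any poster's code: a variant of the form hand-off discussed above in which domain A puts a signed, short-lived, single-use token in the form instead of the bare PHPSESSID, so domain B can reject forged, expired or replayed values. It assumes both domains share a secret key and the same session storage; all function names and sample values are hypothetical.

```php
<?php
// Hand-off token: base64url(JSON payload) . "." . base64url(HMAC-SHA256).
// Assumption: domain A and domain B share $secret and one session store.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Domain A: put the returned token in a hidden field of a form POSTed to domain B.
function issue_handoff_token(string $sessionId, string $secret, int $now, int $ttl = 30): string {
    $payload = b64url(json_encode([
        'sid'   => $sessionId,
        'exp'   => $now + $ttl,                 // valid for a few seconds only
        'nonce' => bin2hex(random_bytes(16)),   // makes the token single-use
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

// Domain B: returns the session ID to adopt, or null if the token is rejected.
// $usedNonces stands in for a shared store (database, cache) of redeemed nonces.
function redeem_handoff_token(string $token, string $secret, int $now, array &$usedNonces): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;                            // malformed
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $mac)) {
        return null;                            // forged or modified
    }
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['sid'], $data['exp'], $data['nonce'])) {
        return null;
    }
    if ($now > $data['exp'] || isset($usedNonces[$data['nonce']])) {
        return null;                            // expired or already redeemed
    }
    $usedNonces[$data['nonce']] = true;
    return $data['sid'];
}

// Constructed demo values.
$secret = 'constructed-demo-secret';
$used   = [];
$token  = issue_handoff_token('constructedsessionid123', $secret, time());
var_dump(redeem_handoff_token($token, $secret, time(), $used));       // first use
var_dump(redeem_handoff_token($token, $secret, time(), $used));       // same token again
var_dump(redeem_handoff_token($token . 'x', $secret, time(), $used)); // tampered token
```

On domain B the returned ID would be passed to `session_id()` before `session_start()`, and the form should only ever be submitted over HTTPS.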