Re: Session ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Dec 8, 2012 at 10:52 AM, Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx> wrote:
> Didn't work.
>
> Let me explain my domain names.  My main domain is "albanyhandball.com".  I
> have two subs called "x.albanyhandball.com" and "y.albanyhandball.com".
> Attached to each of these is what my isp calls an "add-on domain" name.
> These two names are not similar at all.  As in "addon1.net" and
> "myothersub.com", but each is tied to one of the sub-domain names.  Looking
> at a phpinfo dump, the true sub-domain names (*.albanyhandball.com) show up
> only in the SERVER_ADMIN setting, while my add-on domain names show up in
> the SERVER_NAME settings.

    That won't work and should not work.  You could technically do it,
but you'd be deliberately creating an XSS for your sites.  If it
worked that way on its own, it would either be (a) a horrible browser
or (b) 1995.

    It'll work for the subdomains, but not addon or parked domains.

> I've read about passing the session id to a script and using that to opene
> up the existing session file.  Is this something I could do in this case?
> Or am I SOL?

    You can pass the session ID and reactivate the session that way,
sure.  Not pretty, and it does lead to security considerations, but it
would work.

-- 
</Daniel P. Brown>
Network Infrastructure Manager
http://www.php.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux