I'm sorry - but performing a slight bastardization of Achems Razor is the best way to solve this dilemma. You have two web-based php applications that you have written yourself, and you have a single user (and browser) who wants to access those applications. The applications reside on the same web server, and as far as I have gathered - there is no intention to change that. The solution is simple - or at least straightforward - at the top of your scripts, pull in your 'local session' from the $_SESSION variable - and make sure all writes go back out to the same location. You still only have one session, but you have two (or more) distinct namespaces within that session, one for each application, which you use to refer to that applications variables. It will mean rewriting anywhere you're referencing these variables - but your only other real alternative is to serve each application up from a different webhost. You'd do best to write your applications to be 'cautious' with $_SESSION anyways, and only pollute discrete parts of it, because that way you can easily use other peoples code that works similarly. (e.g. if I write my application and name it "cool_stuff" and only write to $_SESSION['cool_stuff'] - then we don't have to worry about overwriting one anothers $_SESSION['username']) $app_name = "cool_stuff"; $username = $_SESSION[$app_name]['username']; Any solution you come up with today should definitely scale to 3 or more applications, otherwise you'll just have to rewrite 2 (or more!) solutions later on down the line. - Martin Norland, Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -----Original Message----- From: Bastien Koert [mailto:bastien_k@xxxxxxxxxxx] Sent: Friday, October 22, 2004 12:22 PM To: andre.matos@xxxxxxxxxxxx; h.dudeness@xxxxxxxxx Cc: php-db@xxxxxxxxxxxxx Subject: RE: How to send a SID in a security way What about writing a function that will store some of those required variables into a db. Then on the second site, open a link to the first db and query for those values that you need? bastien >From: "Andre Matos" <andre.matos@xxxxxxxxxxxx> >To: "'Matt M.'" <h.dudeness@xxxxxxxxx> >CC: <php-db@xxxxxxxxxxxxx> >Subject: RE: How to send a SID in a security way >Date: Fri, 22 Oct 2004 12:59:00 -0400 > >Hi Matt, > >I am trying to solve my problem to have one browser accessing two >different applications (each one in a different window) where each >application has its own and unique sessionID. I really don't want to >use cookie because I will need that the user enable the option "accept >cookies" in the browser. > >However, I am afraid to pass the sessionID on the URL because someone >can cat it. > >I am using currently using SSL. > >Can you see any solution for my problem? > >Thanks. > >-- >Andre Matos >andre.matos@xxxxxxxxxxxx > >-----Original Message----- >From: Matt M. [mailto:h.dudeness@xxxxxxxxx] >Sent: Friday, October 22, 2004 12:35 PM >To: Andre Matos >Cc: php-db@xxxxxxxxxxxxx >Subject: Re: How to send a SID in a security way > > > How can I send a SID (SessionID) in a security way from one page to >another? > > Is it "security" to do this? > >not sure what exactly you want. You could just use cookies, dont allow >it to be in form fields or query strings. > >you could use ssl. > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
