SitePoint Sponsor

User Tag List

Results 1 to 17 of 17
  1. #1
    SitePoint Wizard WorldNews's Avatar
    Join Date
    Nov 2007
    Posts
    1,033
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    How does one assign multiple Web site SESSION values at the same time?

    Hi,


    For example say we have 2 web sites:
    www.xxx.com
    www.yyy.com

    How does one assign $_SESSION values for these 2 Web sites at the same time? To be exact:
    for example after a user provides their username & password for loging into their account, how do we set the
    $_SESSION['verified_user'] = $user_id

    for both of the above web sites at the same time?
    So that this user does not need to log into yyy.com web site again after having loged into xxx.com.

    And if it helps, both of these Web sites reside on the same server machine for now. But to be exact we would like to move them onto separate server machines ASAP, so if your answer would be affected by them being on the same server machine or not please specify so.

    Regards,

    Anoox search engine volunteer

    www.anoox.com

  2. #2
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well I would assume since php sessions are held on the server (an absolute path) you could in theory check the server to see if the session exists. problem is that sessions are unique, and checking from one site to another would be extremely difficult. I would use a cookie instead and actually to make it easier have both sitse use an offsite (read third script) that has access to both sites.

    So I would have my sites set up like this:

    >xxx.com
    >yyy.com
    >memberlogin.com

    member login would be the controller, both sites check to see if the cookie has been created from this script to allow login. Moving to a different server though. It would HAVE to be cookies as I said session data is help on the server. and as soon as the user leaves or remian inactive the session data is deleted.

  3. #3
    SitePoint Wizard WorldNews's Avatar
    Join Date
    Nov 2007
    Posts
    1,033
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    But how does xxx.com access the COOKIES set by memberlogin.com!

    Each Web site has access only to the COOKIES written by that Web site on a given users PC. Unless you know a way around this limitation would amount to a sort of a hack, because that would open whole sort of securities issues.

    Or do you mean something completely different that I misunderstood!


    Quote Originally Posted by smpily View Post
    Well I would assume since php sessions are held on the server (an absolute path) you could in theory check the server to see if the session exists. problem is that sessions are unique, and checking from one site to another would be extremely difficult. I would use a cookie instead and actually to make it easier have both sitse use an offsite (read third script) that has access to both sites.

    So I would have my sites set up like this:

    >xxx.com
    >yyy.com
    >memberlogin.com

    member login would be the controller, both sites check to see if the cookie has been created from this script to allow login. Moving to a different server though. It would HAVE to be cookies as I said session data is help on the server. and as soon as the user leaves or remian inactive the session data is deleted.

    Anoox search engine volunteer

    www.anoox.com

  4. #4
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well I believe since setcookie is being created by you. You could set it to allow multiple domains or simply set two cookies for each site.

    PHP Code:
    // domain memberlogin.com

    setcookie('is_loggedin','somevalue',time()+99999,'xxx.com',FALSE,FALSE);
    setcookie('is_loggedin','somevalue',time()+99999,'yyy.com',FALSE,FALSE);

    // something like that maybe... seperate servers is going to kill it I bet...  :( 

  5. #5
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,807
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by smpily View Post
    PHP Code:
    // domain memberlogin.com

    setcookie('is_loggedin','somevalue',time()+99999,'xxx.com',FALSE,FALSE);
    setcookie('is_loggedin','somevalue',time()+99999,'yyy.com',FALSE,FALSE);

    // something like that maybe... seperate servers is going to kill it I bet...  :( 
    That would be completely useless as memberlogin.com is only allowed to create and read cookies for the memberlogin.com domain - both of those setcookie calls would fail with invalid domain.

    You can't share a session between two domains - the best you could do is to pass a code from one domain to the other that you then use to match up the two sessions as belonging to the same person.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  6. #6
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by felgall View Post
    That would be completely useless as memberlogin.com is only allowed to create and read cookies for the memberlogin.com domain - both of those setcookie calls would fail with invalid domain.
    hmm ok, but I thought if they were something like an add-on domain on one server aka: memberlogin.com that technically xxx.com & yyy.com are really subdirectories and therefore the cookie would work??? I am no expert in cookies as I use sessions mainly & cookies when I must (SSL) but maybe it should then just be
    PHP Code:
    setcookie('is_loggedin','somevalue',time()+99999,'memberlogin.com',FALSE,FALSE); 

  7. #7
    SitePoint Wizard WorldNews's Avatar
    Join Date
    Nov 2007
    Posts
    1,033
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    You said:
    "the best you could do is to pass a code from one domain to the other that you then use to match up the two sessions as belonging to the same person."

    How do yo do this?
    That is my question.
    I mean domain x.com cannot read sessions set by y.com and they cannot read each others cookies too. So how do you pass "pass a code from one domain to the other".

    ThanX,

    Quote Originally Posted by felgall View Post
    That would be completely useless as memberlogin.com is only allowed to create and read cookies for the memberlogin.com domain - both of those setcookie calls would fail with invalid domain.

    You can't share a session between two domains - the best you could do is to pass a code from one domain to the other that you then use to match up the two sessions as belonging to the same person.

    Anoox search engine volunteer

    www.anoox.com

  8. #8
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thats actually done through two ways that I can think of using fopen(); (same server) or Curl() functions.

  9. #9
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,807
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    You'd need to pass something in the querystring in going from one domain to the other as that's the only way you can tell that they are the same person (at least until you have the second session created and linked to the first).
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  10. #10
    SitePoint Wizard WorldNews's Avatar
    Join Date
    Nov 2007
    Posts
    1,033
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    But How!
    Can you be more specific please?
    I mean the only answer I have received is to use Curl() which is way too generic an answer. So some code example would be appreciated.

    ThanX,

    Quote Originally Posted by felgall View Post
    You'd need to pass something in the querystring in going from one domain to the other as that's the only way you can tell that they are the same person (at least until you have the second session created and linked to the first).

    Anoox search engine volunteer

    www.anoox.com

  11. #11
    SitePoint Zealot
    Join Date
    Mar 2006
    Location
    High Wycombe UK.
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Im not sure on this but...use an iframe or something maybe? facebook seems to know how anyway using a small embed.

    I was just looking up RSS feeds and came across this that has some sort of login system to internet.com or somthing.

    Creating a Custom RSS Feed with PHP and MySQL

    Hope it helps.
    Never stop kicking me.

  12. #12
    SitePoint Wizard WorldNews's Avatar
    Join Date
    Nov 2007
    Posts
    1,033
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    ThanX.
    But this does not help at all.

    Quote Originally Posted by Funzo View Post
    Im not sure on this but...use an iframe or something maybe? facebook seems to know how anyway using a small embed.

    I was just looking up RSS feeds and came across this that has some sort of login system to internet.com or somthing.

    Creating a Custom RSS Feed with PHP and MySQL

    Hope it helps.

    Anoox search engine volunteer

    www.anoox.com

  13. #13
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,147
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    You can override the default session handling and store the data in a database/ series of tables that are shared between both sites.
    The only code I hate more than my own is everyone else's.

  14. #14
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,807
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by oddz View Post
    You can override the default session handling and store the data in a database/ series of tables that are shared between both sites.
    I don't think how you handle the sessions really matters. The difficuly part is identifying that the separate session cookies on the two domains both belong to the same person and so should both refer to the same data on the server. Storing the session id of both sessions in session variables (however they are stored) would handle it once you have matched the one session to the other. The difficult bit is finding a way to pass something from the first site to the second so that site can open the session there and match it to the session already opened on the first site.

    As the session ids are stored in cookies the cookie from one domain cannot be accessed from the other. You's need to either pass the session id across to the other site in the querystring. An iframe will not work because like cookies it has no access to the other domain to match the two sessions to the same user.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  15. #15
    SitePoint Wizard WorldNews's Avatar
    Join Date
    Nov 2007
    Posts
    1,033
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Exactly.

    Quote Originally Posted by felgall View Post
    I don't think how you handle the sessions really matters. The difficuly part is identifying that the separate session cookies on the two domains both belong to the same person and so should both refer to the same data on the server. Storing the session id of both sessions in session variables (however they are stored) would handle it once you have matched the one session to the other. The difficult bit is finding a way to pass something from the first site to the second so that site can open the session there and match it to the session already opened on the first site.

    As the session ids are stored in cookies the cookie from one domain cannot be accessed from the other. You's need to either pass the session id across to the other site in the querystring. An iframe will not work because like cookies it has no access to the other domain to match the two sessions to the same user.

    Anoox search engine volunteer

    www.anoox.com

  16. #16
    if($awake){code();} PHP John's Avatar
    Join Date
    Jul 2002
    Location
    Along the Wasatch Fault line.
    Posts
    1,771
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Could you store the session ID in the database, then pass that ID as a POST or GET argument. Then use that argument to access the database and retrieve the session information for the second site?

    It would involve a link from one site to the next populated with that unique identifier.
    John

  17. #17
    SitePoint Wizard WorldNews's Avatar
    Join Date
    Nov 2007
    Posts
    1,033
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Yes, that is exactly what I ended up doing at the end.

    Cheers

    Quote Originally Posted by PHP John View Post
    Could you store the session ID in the database, then pass that ID as a POST or GET argument. Then use that argument to access the database and retrieve the session information for the second site?

    It would involve a link from one site to the next populated with that unique identifier.

    Anoox search engine volunteer

    www.anoox.com


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •