How does one assign $_SESSION values for these 2 Web sites at the same time? To be exact:
for example after a user provides their username & password for loging into their account, how do we set the
$_SESSION[‘verified_user’] = $user_id
for both of the above web sites at the same time?
So that this user does not need to log into yyy.com web site again after having loged into xxx.com.
And if it helps, both of these Web sites reside on the same server machine for now. But to be exact we would like to move them onto separate server machines ASAP, so if your answer would be affected by them being on the same server machine or not please specify so.
Well I would assume since php sessions are held on the server (an absolute path) you could in theory check the server to see if the session exists. problem is that sessions are unique, and checking from one site to another would be extremely difficult. I would use a cookie instead and actually to make it easier have both sitse use an offsite (read third script) that has access to both sites.
So I would have my sites set up like this:
member login would be the controller, both sites check to see if the cookie has been created from this script to allow login. Moving to a different server though. It would HAVE to be cookies as I said session data is help on the server. and as soon as the user leaves or remian inactive the session data is deleted.
Each Web site has access only to the COOKIES written by that Web site on a given users PC. Unless you know a way around this limitation would amount to a sort of a hack, because that would open whole sort of securities issues.
Or do you mean something completely different that I misunderstood!
Well I believe since setcookie is being created by you. You could set it to allow multiple domains or simply set two cookies for each site.
// domain memberlogin.com
// something like that maybe... seperate servers is going to kill it I bet... :(
hmm ok, but I thought if they were something like an add-on domain on one server aka: memberlogin.com that technically xxx.com & yyy.com are really subdirectories and therefore the cookie would work??? I am no expert in cookies as I use sessions mainly & cookies when I must (SSL) but maybe it should then just be
“the best you could do is to pass a code from one domain to the other that you then use to match up the two sessions as belonging to the same person.”
How do yo do this?
That is my question.
I mean domain x.com cannot read sessions set by y.com and they cannot read each others cookies too. So how do you pass “pass a code from one domain to the other”.
You’d need to pass something in the querystring in going from one domain to the other as that’s the only way you can tell that they are the same person (at least until you have the second session created and linked to the first).
I don’t think how you handle the sessions really matters. The difficuly part is identifying that the separate session cookies on the two domains both belong to the same person and so should both refer to the same data on the server. Storing the session id of both sessions in session variables (however they are stored) would handle it once you have matched the one session to the other. The difficult bit is finding a way to pass something from the first site to the second so that site can open the session there and match it to the session already opened on the first site.
As the session ids are stored in cookies the cookie from one domain cannot be accessed from the other. You’s need to either pass the session id across to the other site in the querystring. An iframe will not work because like cookies it has no access to the other domain to match the two sessions to the same user.