There’s going to be a link in the web page of the PHP application which when clicked by the user, will take them to a new tab of the browser. This new tab will contain another web application which is not PHP based.
So, from the PHP web application, I want to store the user information into HTML 5 web storage (basically session storage) so that I could retrieve it in the another tab using HTML 5 web storage. Since, both the tabs are in the same browser session, I should be able to get the stored information from PHP in a new tab using HTML 5 session storage.
I am wondering what does different domains has to do with it. I mean if I can storage some info to HTML 5 session storage using PHP, I should be able to retrieve same information using my non-PHP website as long as it’s on the new tab and same browser?
OR
If I could make use of Javascript part of PHP website somehow, then I maybe able to store the information to HTML5 session storage from PHP website?
I think right about here is where this plan falls apart.
If you’re referring to a server-side script then… it’s a PHP server.
If you’re referring to a client-side script then… you’re putting DB access information in a client side script.
…PHP site. in PHP _SESSION there is all authentication data.
…Java site (I asume).
So…
PHP saves _SESSION with session_id in DB.
PHP client, by referring on Java, gets cookie session id and adds it to URL.
Java checks in DB whether this session id exists and not expired.
So you’re going to put your database username and password into your client applications? Please, do share with me your websites so i can hack them all instantly by using your DB credentials you are giving to me.
It was, indeed, ‘clear’. But it’s clearly a bad idea.
Write some javascript code, that allows you to access a database. BUT. You can’t store the database username or password anywhere in variables. Because I can pause javascript, and tell it to give me the variables.