For example say we have 2 web sites:
How does one assign $_SESSION values for these 2 Web sites at the same time? To be exact:
for example after a user provides their username & password for loging into their account, how do we set the
$SESSION['verifieduser'] = $user_id
for both of the above web sites at the same time?
So that this user does not need to log into yyy.com web site again after having loged into xxx.com.
And if it helps, both of these Web sites reside on the same server machine for now. But to be exact we would like to move them onto separate server machines ASAP, so if your answer would be affected by them being on the same server machine or not please specify so.
Well I would assume since php sessions are held on the server (an absolute path) you could in theory check the server to see if the session exists. problem is that sessions are unique, and checking from one site to another would be extremely difficult. I would use a cookie instead and actually to make it easier have both sitse use an offsite (read third script) that has access to both sites.
So I would have my sites set up like this:
member login would be the controller, both sites check to see if the cookie has been created from this script to allow login. Moving to a different server though. It would HAVE to be cookies as I said session data is help on the server. and as soon as the user leaves or remian inactive the session data is deleted.
But how does xxx.com access the COOKIES set by memberlogin.com!
Each Web site has access only to the COOKIES written by that Web site on a given users PC. Unless you know a way around this limitation would amount to a sort of a hack, because that would open whole sort of securities issues.
Or do you mean something completely different that I misunderstood!
Well I believe since setcookie is being created by you. You could set it to allow multiple domains or simply set two cookies for each site.
// domain memberlogin.com
// something like that maybe... seperate servers is going to kill it I bet... :(
That would be completely useless as memberlogin.com is only allowed to create and read cookies for the memberlogin.com domain - both of those setcookie calls would fail with invalid domain.
You can't share a session between two domains - the best you could do is to pass a code from one domain to the other that you then use to match up the two sessions as belonging to the same person.
hmm ok, but I thought if they were something like an add-on domain on one server aka: memberlogin.com that technically xxx.com & yyy.com are really subdirectories and therefore the cookie would work??? I am no expert in cookies as I use sessions mainly & cookies when I must (SSL) but maybe it should then just be
"the best you could do is to pass a code from one domain to the other that you then use to match up the two sessions as belonging to the same person."
How do yo do this?
That is my question.
I mean domain x.com cannot read sessions set by y.com and they cannot read each others cookies too. So how do you pass "pass a code from one domain to the other".
thats actually done through two ways that I can think of using fopen(); (same server) or Curl() functions.
You'd need to pass something in the querystring in going from one domain to the other as that's the only way you can tell that they are the same person (at least until you have the second session created and linked to the first).
Can you be more specific please?
I mean the only answer I have received is to use Curl() which is way too generic an answer. So some code example would be appreciated.
Im not sure on this but...use an iframe or something maybe? facebook seems to know how anyway using a small embed.
I was just looking up RSS feeds and came across this that has some sort of login system to internet.com or somthing.
Creating a Custom RSS Feed with PHP and MySQL
Hope it helps.
But this does not help at all.
You can override the default session handling and store the data in a database/ series of tables that are shared between both sites.
I don't think how you handle the sessions really matters. The difficuly part is identifying that the separate session cookies on the two domains both belong to the same person and so should both refer to the same data on the server. Storing the session id of both sessions in session variables (however they are stored) would handle it once you have matched the one session to the other. The difficult bit is finding a way to pass something from the first site to the second so that site can open the session there and match it to the session already opened on the first site.
As the session ids are stored in cookies the cookie from one domain cannot be accessed from the other. You's need to either pass the session id across to the other site in the querystring. An iframe will not work because like cookies it has no access to the other domain to match the two sessions to the same user.
Could you store the session ID in the database, then pass that ID as a POST or GET argument. Then use that argument to access the database and retrieve the session information for the second site?
It would involve a link from one site to the next populated with that unique identifier.
Yes, that is exactly what I ended up doing at the end.