Re: maintain a single session across multiple servers
- From: Jerry Stuckle <jstucklex@xxxxxxxxxxxxx>
- Date: Sun, 10 Jun 2007 15:52:49 -0400
Samir Chouaieb wrote:
> Jerry Stuckle wrote:
> > Samir Chouaieb wrote:
> > > Hello,
> > > I am trying to find a solution to a login mechanism for different domains on different servers with PHP5.
> > > I have one main domain with the user data and several other domains that need a login to show data.
> > > I want the user to log in only once when he visits any of my domains.
> > > The first idea I had is to use the same session for all domains. Is this possible?
> > > Any help or hint is appreciated.
> > > Thanks in advance
> > > Best regards
> > > Samir
> >
> > No, it's not. Cookies are designed to be domain specific. For security reasons, the browser won't send a cookie belonging to one domain on to another domain.
> > If all of these sites are so closely related, why are they different sites?
>
> Hi,
>
> thanks first of all for your answer.
>
> > No, it's not. Cookies are designed to be domain specific.
> > For security reasons, the browser won't send a cookie
> > belonging to one domain on to another domain.
>
> You took only the cookies into consideration as a way to store session-ids.
>
> > If all of these sites are so closely related, why are they
> > different sites?
>
> Take as an example a set of partner online shops that have a central
> login mechanism.
>
>
> If the login pages of the online shops call a dedicated php-page on the
> main domain that achieves the login if not done already and gives the
> session-id back to the referer page in the url or as POST variable.
>
> If the different shops have the same php-path for session variables on
> the main-domain server, then they will be able to read the content of
> the session.
>
> Does this make sense? Or am I dreaming?
>
>
> Regards
> Samir
>
(Top posting fixed)
No, I'm not talking about cookies which contain session id's. Any cookie is domain specific. As will be the sessions, if you're smart.
Anything else like passing info back and forth in $_POST or $_GET variables can be very easily fudged. And even if they all have the same path on the server, there is a huge amount which can go wrong, as well as huge potential security holes. For instance, the refer page can be easily falsified. It's not hard at all.
I wouldn't even try it across multiple domains like this. And I ask again - if these are so closely related, why aren't they the same domain? They should be, IMHO. How many other sites do you see where one signon covers multiple domains?
And please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
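
Added example, not part of the original thread or of either poster's code: a PHP sketch of the handoff discussed above, first accepting a session id and user name from the URL behind a Referer check, then accepting only a value carrying a MAC that the receiving shop can verify. The host names, the shared key and all function names are assumptions made up for this illustration.

```php
<?php
// Added illustration. Hosts, key and function names are constructed for this example.
const SHARED_KEY = 'constructed-demo-key';           // secret shared by main site and shops
const MAIN_SITE  = 'https://login.example.test/';

// Weak handoff: everything it checks (Referer, sid, user) is supplied by the client.
function accept_handoff_weak(array $get, array $server) {
    $referer = isset($server['HTTP_REFERER']) ? $server['HTTP_REFERER'] : '';
    if (strpos($referer, MAIN_SITE) !== 0 || empty($get['sid']) || empty($get['user'])) {
        return null;
    }
    return $get['user'];
}

// Main site: issue a short-lived value bound to one user and one receiving shop.
function issue_token($user, $audience, $now, $ttl = 60) {
    $claims  = array('u' => $user, 'aud' => $audience, 'exp' => $now + $ttl);
    $payload = base64_encode(json_encode($claims));
    return $payload . '.' . hash_hmac('sha256', $payload, SHARED_KEY);
}

// Shop: check the MAC first, then audience and expiry, before trusting any field.
function accept_handoff_signed(array $get, $audience, $now) {
    $parts = explode('.', isset($get['token']) ? (string) $get['token'] : '', 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($payload, $mac) = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, SHARED_KEY), $mac)) {
        return null;
    }
    $claims = json_decode((string) base64_decode($payload), true);
    if (!is_array($claims) || !isset($claims['u'], $claims['aud'], $claims['exp'])) {
        return null;
    }
    return ($claims['aud'] === $audience && $claims['exp'] >= $now) ? $claims['u'] : null;
}

$now  = time();
$shop = 'shop-a.example.test';
// Constructed request: the client chose the Referer header and the user name itself.
$headers = array('HTTP_REFERER' => MAIN_SITE . 'login.php');
var_dump(accept_handoff_weak(array('sid' => 'x', 'user' => 'alice'), $headers));

$token = issue_token('bob', $shop, $now);
list($payload, $mac) = explode('.', $token, 2);
$edited = base64_encode(json_encode(array('u' => 'alice', 'aud' => $shop, 'exp' => $now + 60)));
var_dump(accept_handoff_signed(array('token' => $token), $shop, $now));                  // untouched token
var_dump(accept_handoff_signed(array('token' => $edited . '.' . $mac), $shop, $now));    // payload edited
var_dump(accept_handoff_signed(array('token' => $token), 'shop-b.example.test', $now));  // wrong shop
var_dump(accept_handoff_signed(array('token' => $token), $shop, $now + 3600));           // expired
```

`hash_equals()` needs PHP 5.6 or later. The MAC only shows that a key holder produced the value; a captured token can still be replayed until it expires, so a handoff like this also needs HTTPS and single-use tracking on the receiving side.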