Joint Session Between Two Websites

Question

Joint Session Between Two Websites

Hi, thanks in advance ... I'm working on a project, I need some clarification to exchange data between two sites with a high degree of protection. I am currently using Form Post to exchange data. But I’m thinking about whether it is possible to get site-1 session data from site-2, because I think that using the session is safer. I don’t know how to use sessions between two sites, but I hope someone here finds out.

Like this:
Website Coding 1

$_SESSION['customer_id'] = 'XYZ'; $_SESSION['total_amount'] = '100'; <a href=https://site2.com/do.php?session_id=<?=$_SESSION['session_id']?>>Click Here</a>

Site code 2 in do.php

 $session_id = $_REQUEST['session_id']; $shared_data = bla_bla_bla_function($session_id); $customer_id = $shared_data['customer_id']; $total_amount = $shared_data['total_amount'];

or is there a way to make secure data exchange between two sites other than the form, please tell me. Thank you Regards,
Kaartikeyan r

solution found

I sent the client ID and amount via CURL to the second website, creating an entry in the table for this and creating an encrypted identifier with the record identifier and returning the encrypted identifier.

So, on the first website, I get the encrypted identifier and use it to redirect the URL to the second website.

On the second website with an encrypted identifier, I get the identifier and the number of clients.

+8

php session

rkaartikeyan Jul 13 '11 at 12:38

source share

2 answers

you can use a shared session server for both sites, for example. save session to database

to replace the built-in file server, you can use the session_set_save_handler function

+1

Gryphius Jul 13 '11 at 12:54

source share

John green · Accepted Answer · 2011-07-13T12:54:24+0000

Urk. First, never, EVER do this:

 $session_id = $_REQUEST['session_id'];

This causes a security flaw, which we call "session fixation" (more details: http://en.wikipedia.org/wiki/Session_fixation ).

You seem to be very hard on security. If you need to exchange data from site 1 to site 2, you must do this through one consumption bridge:

one). Click the link to site 1 in the handler file, call redir.php.

2). Redir.php first validates existing session data.

3). Redir.php writes the corresponding information to the DB string along with some identifier (for example, MD5 hash of the user ID + "_" + current time), plus the "consumed" flag, sets false.

4). Redir.php redirects 301 to site 2 along with the identifier.

5). Site 2 reads the corresponding row from the database.

6). If the data is good and not yet "absorbed", return success and mark the data as consumed.

7). If the data was destroyed, enter some kind of error.

There are more complex ways to do this, but I think it handles what you are trying to do.

Joint Session Between Two Websites

More articles: