Geek Answers Handbook

PHP multilingual site

I am currently working on a project spanning multiple domains. I want the user to be able to log in to one site and log in to everyone else at the same time.

The user session is stored in the database, the cookies that I set for each domain contain the session ID.

Thus, basically, when a user registers with example.com, a cookie is created with a session identifier, and session data is stored in the database. Once this is done, a cookie must be created in all other domains using this unique session identifier so that when a user moves from site to site, they are automatically logged in.

Now I have found a way to do this in Firefox (using image tags that execute PHP scripts on other domains, essentially creating different cookies in different domains), but this method does not work in IE (havn't tested by Opera or Safari, etc. .d.).

Does anyone have any ideas on how I can get this to work in IE?

+6
php login single-sign-on multiple-domains
source share
5 answers

Look at my question Tracking users through a domain .

What you need to do is add another HTTP header to the "image".

Quote from Session variables are lost if you use FRAMESET in Internet Explorer 6 :

You can add a compact P3P policy to the title of your content for the child, and you can claim that no malicious actions are performed with user data. If Internet Explorer detects a satisfactory policy, then Internet Explorer allows you to set a cookie.

A simple compact policy that fulfills this criterion follows:

P3P: CP = "CAO PSA OUR"

This code example shows that your site gives you access to your own contact information (CAO), the pseudo-analysis data being analyzed, which means that the data is connected to your Internet by a person, not your physical (PSA), and that your data is not delivered to no external agencies for these agencies (OUR).

You can set this header if you use the Response.AddHeader Method in ASP page. In ASP.NET you can use Response.AppendHeader. You can use the IIS management snap-in (inetmgr) to add to the static file.

Follow these steps to add this header to a static file:

  • Click Start, click Run, and then type inetmgr.
  • On the left navigation page, click the appropriate file or on your website to which you want to add a header, right-click the file, and then click Properties.
  • Click the "HTTP Headers" tab.
  • In the Custom HTTP Headers group, click Add.
  • Enter P3P for the header name, and then for the string compact policy, type CP = ..., where "..." is the appropriate code for your compact policy.
+3
source share

I’m not sure that this is a good offer at this stage of your development, but you should definitely watch Single Sign-on if you want to do it in the β€œright” way.

+1
source share

Is it just me, or does it sound like your CSRFing with your technique using images that work in Firefox?

An interesting approach, although I hope that you are not discovering a security risk.

+1
source share

I did not do it myself, but I think you are going right. I would probably do the same, but instead of an image, I would use a Javascript file. It will be created on the server side and will update cookies on the client side.

0
source share

I may be a little stupid, but could you set a cookie for each domain name at login? So instead of having one cookie when you log in to site A, do they have five or more sites that you have?

setcookie(A, $sessid, expire, path, domainA.com); setcookie(B, $sessid, expire, path, domainB.com); setcookie(C, $sessid, expire, path, domainC.com); setcookie(D, $sessid, expire, path, domainD.com);
-one
source share

More articles:


All Articles