PHP Cross Domain Sessions

I am creating a site that allows the user to specify a CNAME record on my site to run their "profiles". This allows your OWN domain name to upload your profile on my site.

This raises all kinds of session related issues. I saw how virb did it. I do not see any information, which is an iFrame-based session ... but there is an iFrame on the page.

I can get the domain stuff to work, I'm just losing session data ... Any ideas?

(Here's an example, which links to Virb: http://www.agentspider.com/)

+6
php session cross-domain
4 answers

By default, you cannot set a cross-domain cookie. I believe you can configure the P3P file(s) to include it: http://p3ptoolbox.org/guide/section4.shtml#IVd. I myself did not do this, so I don't know how many of them are implemented in browsers or even work like that.

Virb looks simple using JavaScript. It has an AJAX library that makes a JSON-P request to the virb server if no session cookie is set. (first Firefox download you can see this in Firebug). The JSON response simply allows the page to know whether the user is registered or not, and updates the parts of the page that should reflect the status of the user.

So what happens, the page inserts some JS from virb.com. Since the virb.com domain, the cookie set on virb.com is sent to the server. The server then responds to the cookie result to an external site.

In the case of virb, which would not work properly without JS, I think this is a good option. However, you can do the same with HTTP redirects.

If the HTTP host is not the primary domain (example.com):

    if (empty($_COOKIE['sessionid']) && $_SERVER['HTTP_HOST'] != 'example.com') {
        // redirect to your main site
        header('Location: http://example.com');
        exit; // stop here so nothing else runs after the redirect header
    }

Set a cookie on the main site and send the user back to the external domain (domain.com), passing the session identifier to Location.

    header('Location: http://domain.com/?sessid=' . urlencode($_COOKIE['sessionid']));
    exit;

The last bit is to redirect back to the page you were on, now that you have the same session.

    setCookie(...); // sessid in $_GET['sessid']
    header('Location: http://domain.com/');

Please note that in fact you can send the page that you will now return to example.com in the first step so that you can redirect it back later.

Since you just use headers (you do not need to output the content), and in most cases HTTP/1.1, so you will be in the same TCP socket, I think it is quite efficient and will be more supported than the JavaScript version.

Edit: Remember to set a cookie when you return to the external domain.

The final step is optional, but it does not support sessid in the URL. This is more a security issue than persisting in HTTP headers.

+5
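The handoff described in the answer above puts the raw session ID in the redirect URL. As an added example (not part of the original answer), the sketch below passes a random, single-use, short-lived token bound to the target host instead. The function names, `HANDOFF_TTL`, the `token` parameter and the array standing in for a shared server-side store are all assumptions.

```php
<?php
// Added example, not the answer's code. All names here are hypothetical.
const HANDOFF_TTL = 30; // seconds a token stays redeemable

// Runs on the main site (example.com), which can read the session cookie.
function issueHandoffToken(array &$store, string $sessionId, string $targetHost, int $now): string
{
    $token = bin2hex(random_bytes(16)); // 128-bit random value, unrelated to the session ID
    // Keep only a hash of the token, so a leaked store cannot be replayed as tokens.
    $store[hash('sha256', $token)] = [
        'sid'  => $sessionId,
        'host' => strtolower($targetHost),
        'exp'  => $now + HANDOFF_TTL,
    ];
    return $token;
}

// Runs on the customer domain (domain.com) when ?token=... arrives.
function redeemHandoffToken(array &$store, string $token, string $host, int $now): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null; // unknown token, or one that was already used
    }
    $entry = $store[$key];
    unset($store[$key]); // single use: delete before any further checks
    if ($entry['exp'] < $now || $entry['host'] !== strtolower($host)) {
        return null; // expired, or presented on a domain it was not issued for
    }
    return $entry['sid'];
}

// Constructed demo: an array stands in for the store both hostnames share.
$store = [];
$now   = 1700000000;               // constructed timestamp
$sid   = 'constructed-session-id'; // constructed value
$token = issueHandoffToken($store, $sid, 'domain.com', $now);
// On example.com: header('Location: http://domain.com/?token=' . urlencode($token)); exit;

var_dump(redeemHandoffToken($store, $token, 'domain.com', $now + 5) === $sid); // first use
var_dump(redeemHandoffToken($store, $token, 'domain.com', $now + 6));          // replay
$other = issueHandoffToken($store, $sid, 'domain.com', $now);
var_dump(redeemHandoffToken($store, $other, 'other.example', $now + 5));       // wrong host
$late = issueHandoffToken($store, $sid, 'domain.com', $now);
var_dump(redeemHandoffToken($store, $late, 'domain.com', $now + 31));          // expired
```

In a deployment the store must be something both hostnames can reach, such as a database table or cache. After a successful redemption the receiving page sets its cookie and redirects to a clean URL, as in the answer's final step.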

The only way is to add session IDs to URLs that go from one domain to another (or add this session ID to iframe src URLs) and then encode your session storage server to handle this.

Of course, you need to consider all the security issues this approach faces.

+4

Not easier than:

1) create domain1.com/client.html with the source code:

    <script type="text/javascript" src="http://domain2.com/server_set_cookie.php"></script>

2) create domain2.com/server_set_cookie.php with the php source:

    // P3P compact policy; the CP value must be a quoted string
    header('p3p: CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"');
    setcookie($_REQUEST['cookie_name'], 'cookie_name', time()+3600);

http://smartcoding.wordpress.com/2009/07/12/setcookie-cross-domain-cookie-write/

+1

Not sure if I understand your problem. Is it something like another domain calling something like www.userprofiles.com/profile.php?userid=1 and displaying the results? In this case, profile.php will generate a new session identifier whenever it is called. You need to set different identifiers for each external domain using your site and change profile.php to something like:

    if (isset($_REQUEST['sid'])) session_id($_REQUEST['sid']);
    session_start();

and call the script as follows: www.userprofiles.com/profile.php?userid=1&sid=somesessionid1234

0