Reputation: 1031
checking if session exist on another website
I have a PHP project which has its multiple subdomains(a.domainone.com, b.domainone.com, c.domainone.com) hosted on another server and another main domain domaintwo.com on another server.
Aim: User can access subdomains of first domain only if user has logged in domaintwo.com domain.
Movement of user: A user visits on a.domainone.com > user is asked to clicked enter now > enter now has a ajax function to check user is logged into domaintwo.com or not (responses as needlogin or logindone) > if not a popup of domaintwo opens, on success login it closes echoing: loggin succesfull go ahead and hit enter now
Problem: After loggin it when user hits enter > same popup opens > echos login already done (hav put validation to check if session exist already) > so when checked echoing session varible found its blank on a.subdomain.com but when go to directly on the php page of domaintwo.com login handler it echos the value of session varibale correctly.
So I checked, the ajax response is always 'needlogin' ....!!!
Just an idea would be appreciating.
Thanks & Regards
Edit
I have already done < ? php header('Access-Control-Allow-Origin: *'); ? > in domaintwo.com otherwise i would not be receiving even the response of if session as 'needLogin' in ajax call.
Upvotes: 1
Views: 2256
Answers (2)
Reputation: 41428
You'd need the session_id from the session cookie on the browser. Fortunately (unforturately for you) a client browser will not allow access to cookies from a different domain. Since you can't get the session cookie, you can't get the session id, so there is no way to grab session across domains.
If both sites are on the same server, and you have direct access to the session store, and you're not regenerating session id's, you might do something shady like reading the session_id on one site and pass it in the get parameters to the next site, then manually open the session file based on the id and read it...
Upvotes: 1
Reputation: 4258
If you just need an idea about what's going on: You are accessing data from another domain, so the cross domain policy of web browsers kicks in.
You can start your research on Wikipedia:
- http://en.wikipedia.org/wiki/Same_origin_policy
- http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
Upvotes: 0
Related Questions
- Check if a cookie exists on another domain
- Detect if PHP session exists
- How to check whether user is logged in on another site?
- PHP session check not working in ajax call
- check php session by JavaScript ,if it does not exist should not cause any error
- Check if session exists in php
- Check whether a PHP session exists or expired using AJAX
- Cross domain login check?
- PHP session across multiple domains
- How to check whether a user is logged in on another domain?