Reputation: 349
I run a website which can be reached through different domains: domainname.de, domainname.ch, domainname.at, domainname.es etc. ...
When my customer wants to pay, he gets to a payment page which is of course HTTPS-secured. Due to server limitations I am only allowed to have one SSL certificate, which I only put on one domain: domainname-secure.com.
Because I charge different prices I need to know which domain the user belongs to, so when redirecting to domainname-secure.com I save the domain (e.g. domainname.de) in the session variable $_SESSION['domain_default'] and pass the session ID by adding session_id=[session_id] as a GET parameter.
Then I take $_GET['session_id'] and run the following commands to have the session available on domainname-secure.com:
session_id($_GET['session_id']);
session_start();
When I test it myself, it works perfectly fine, but I make a log entry when somebody gets to domainname-secure.com and does not have $_SESSION['domain_default'] set.
This occurs several times a day but I really have no clue why this does not work! I am testing it again and again from many different links but for me it works perfectly fine.
Can some of you imagine why it sometimes does not work?
Is it not "good" or insecure to pass the session ID to another domain and is it not always readable after redirecting?
I know it is hard for you to determine a mistake, but I am searching for some known issues with sessions or maybe a tip how to do it in a better way?
Upvotes: 0
Views: 340
Reputation: 16107
Sessions are administered by PHP on a per-domain basis, meaning they don't mix domains intentionally.
If you were using another session storage mechanism, such as writing into the database or using memcached sessions, you'd be able to overcome this limitation.
There are two approaches if you want to be able to access the session info when changing domains either:
Or:
Upvotes: 2
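The only value that has to reach domainname-secure.com in the question is the originating domain, so one alternative to putting the session ID in the URL is to send that domain in a signed, short-lived token. This is an added example, not code from the question or the answer, and it swaps in a different technique (an HMAC-signed GET parameter); `HANDOFF_KEY`, `ALLOWED_DOMAINS`, `MAX_AGE` and the function names are hypothetical.

```php
<?php
// Added example: carry the originating domain in a signed, expiring token
// instead of the session ID. All constant and function names are hypothetical.
const HANDOFF_KEY = 'replace-with-random-secret-from-config'; // placeholder secret
const ALLOWED_DOMAINS = ['domainname.de', 'domainname.ch', 'domainname.at', 'domainname.es'];
const MAX_AGE = 120; // seconds a token stays valid

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Runs on domainname.de etc. just before redirecting to the payment host.
function make_handoff(string $domain, int $now): string
{
    $payload = b64url(json_encode(['d' => $domain, 't' => $now]));
    $mac = b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
    return $payload . '.' . $mac;
}

// Runs on domainname-secure.com. Returns the domain, or null when the token is
// malformed, forged, expired, or names a domain that is not on the allowlist.
function read_handoff(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['d'], $data['t']) || !is_int($data['t'])) {
        return null;
    }
    if ($data['t'] > $now || $now - $data['t'] > MAX_AGE) {
        return null;
    }
    return in_array($data['d'], ALLOWED_DOMAINS, true) ? $data['d'] : null;
}

// Constructed demonstration values.
$now = time();
$token = make_handoff('domainname.de', $now);
var_dump(read_handoff($token, $now + 30));       // fresh, untampered token
var_dump(read_handoff($token, $now + 600));      // token older than MAX_AGE
var_dump(read_handoff($token . 'x', $now + 30)); // token with altered signature
```

On the payment host, a `null` result is the case the question logs as a missing `$_SESSION['domain_default']`; a session started there stays local to that host, so no session ID appears in URLs, referrers or access logs.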