user1828959

Reputation: 17

PHP Sessions across domains and shared multiple domains

I am trying to set up the following:

login.domain.com
site1.domain.com
site2.domain.com
https://domain2.com

where, if the user visits site1.domain.com or site2.domain.com and is not logged in, they are redirected to login.domain.com/?url=site1.domain.com

On the PHP application at domain.com, I set up the php.ini session using Redis:

session.save_handler=redis
session.save_path="tcp://127.0.0.1:6379?weight=1&database=14"

After authentication succeeds, I set the cookie session_id.

On site1.domain.com and site2.domain.com, I get the cookie:

$sessionid = $_COOKIE['session_id'];
session_id($sessionid);
session_start();

The user login succeeds.

But I have a problem. How can domain2.com get the cookie, access it over HTTPS (SSL), and keep it secure?

Upvotes: 0

Views: 1158

Answers (1)

Machavity

Reputation: 31654

What you can do is pass the session directly in the URL. So when you link to domain2.com you pass the session like so (assuming you haven't changed your session ID handler from the default):

domain2.com?PHPSESSID=[your session ID here]

While there are some potential security risks (I would regenerate IDs at key points if I were you), it could solve your problem.

Another solution would be to hash the session ID and store that in your Redis instance, then set the session based on that hash. A bit more secure that way.

Upvotes: 0
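A variant of the answer's second suggestion, as an added example that is not part of the original answer: rather than a hash of the session ID, the URL carries a random, short-lived, single-use token, and only the token's SHA-256 hash is stored next to the session ID. `HandoffStore`, `issueHandoff` and `redeemHandoff` are hypothetical names, and the in-memory store stands in for the shared Redis instance.

```php
<?php
declare(strict_types=1);

// Stand-in for the Redis instance both sites share (assumption: in production
// this would be SET key value EX ttl on issue and GETDEL on redeem).
final class HandoffStore
{
    /** @var array<string, array{sid: string, exp: int}> */
    private array $rows = [];

    public function put(string $key, string $sid, int $ttl): void
    {
        $this->rows[$key] = ['sid' => $sid, 'exp' => time() + $ttl];
    }

    // Fetch and delete in one step so a token can be redeemed only once.
    public function take(string $key): ?string
    {
        $row = $this->rows[$key] ?? null;
        unset($this->rows[$key]);
        return ($row !== null && $row['exp'] >= time()) ? $row['sid'] : null;
    }
}

// login.domain.com: mint a token for the redirect URL; only its hash is stored.
function issueHandoff(HandoffStore $store, string $sessionId, int $ttl = 30): string
{
    $token = bin2hex(random_bytes(32));
    $store->put(hash('sha256', $token), $sessionId, $ttl);
    return $token;
}

// domain2.com: exchange the token for the session ID, or null if it is invalid.
function redeemHandoff(HandoffStore $store, string $token): ?string
{
    if (preg_match('/^[0-9a-f]{64}$/', $token) !== 1) {
        return null; // malformed input never reaches the store
    }
    return $store->take(hash('sha256', $token));
}

// Constructed demo values, not real session data.
$store = new HandoffStore();
$token = issueHandoff($store, 'constructed-session-id-123');
var_dump(redeemHandoff($store, $token) === 'constructed-session-id-123'); // first use
var_dump(redeemHandoff($store, $token) === null);                         // replay
var_dump(redeemHandoff($store, 'not-a-token') === null);                  // malformed
```

On domain2.com the returned ID would be passed to `session_id()` before `session_start()`, as in the question, with the resulting cookie set with the Secure and HttpOnly flags.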
