How to keep PHP session intact when another server is making the request?

Question

I have a secure site with private information that uses https. We have a partnership with another site that provides functionality for our users. We want the header and footer to be the same, but the body functionality to come from their site. I thought I'd create a template file that they can request from our server, which would allow me to keep creative control for whenever our site has changes.

However, the header has account information, so it needs to access the session information for the current user. So number one, is this possible? If a user clicks from my site to theirs and they request the template from our servers, how can it be sure to connect to the correct session? And number two, is this safe? How can I be sure this connection is secure?

Edit: It appears this option is not worth pursuing. I'm going to work on some other ways for the other server to access the information. Thanks.

Answer 1

I think for what you are doing, the only option you have to is to redirect any request through your server acting as a proxy to maintain session vars without causing to many security holes.

Answer 2

If you want the file on your site to be a template, it should be only that. Have the other site add the information to the header after fetching it.

Answer 3

What you are trying to do in that way is a completely mess.

You should avoid outtputting a page built from different website putted all togheter.
That would become:

• Hard to maintain;
• Prone to security hole.