For example.
< ? php
//Site1.com/session.php
session_start(); //This line should have created a cookie called PHPSESSID
//We pass the value of that via a GET request to site2 via an image.
//This is just to illustrate the request. The same thing could be done with cURL or a number of other methods.
echo '';
//Show a link to the page we just called in the image.
echo 'Site 2';
< ? php
//site2.com/setSession.php
session_start();
if( !empty($_GET) )
{
setcookie($_GET['w'], $_GET['x'])
}
else
{
print_r($_COOKIE);
print_r($_SESSION);
//This *SHOULD* now match the session id from the last site.
echo session_id();
}
I tried numerous attempts with changing the domain and format for the domain string in setcookie() from my localhost trying to set the cookie for one of my domain names but couldn't get it to work. I imagine this is a cross site scripting security measure, but i'm not sure.
This method suffers from a big drawback though, unless both sites SHARE the SAME session store then you still wont be able to access the data.
Personally I like to override the default session handlers and generally use a database to store my sessions and values etc.
But if both sites reside on the same server, and can share access to a certain directory i'm sure you could configure it that way as well.
This is just another way to ultimately achieve the same effect as above except it doesnt get passed in the actual url, it gets passed kind of behind the scenes.
0 Comments