SESSIONS and different domains

Forum Moderators: coopster

Message Too Old, No Replies

SESSIONS and different domains

Can this be done?

asantos

5:53 pm on Jul 25, 2007 (gmt 0)

Hi. I have a doubt regarding Sessions and PHP.

I have 4 domains. 1 of them is the single sign on domain (where the users profile database is) and the other 3 domains are vertical services.

single-sign-on-domain.com
vertical-service-1.com
vertical-service-2.com
vertical-service-3.com

Once the user registers itself on single-sign-on-domain.com he has automatically access to the 3 vertical services (all domains are on the same server so there is no problem regarding DB usage).

Of course, to avoid repeatedly sign-ins, i want the user to just sign in on the single sign on domain once, and then have the session vars do the rest of the job for the other domains.

Is it posible? If so, how? Am i applying a viable paradigm here? Any suggestions? thanks.

londrum

8:09 pm on Jul 25, 2007 (gmt 0)

cookies can only apply to a single top-level domain, but sessions store their stuff on your own server, so as long as each site has access to the same info on your server, then it shouldn't be a problem.

the easiest way to do it would be to put the info into an MySQL table or something similar, and give each site access to the same table.

asantos

8:19 pm on Jul 25, 2007 (gmt 0)

hi londrum.

regarding: "the easiest way to do it would be to put the info into an MySQL table or something similar, and give each site access to the same table."

actually that has been already implemented ;)

the actual problem comes when i try to handle the SESSION data. Despite all domains are on the same server, i cannot modify it's php.ini session.save_path variable, which means that each domain is configured to place the SESSION data in their own directory folders.

Can that variable be handled with htaccess?

londrum

8:36 pm on Jul 25, 2007 (gmt 0)

i think you can change the session_save_path directly from the php within the page. but you have to call it BEFORE any other session information.

something like this...

<?php
session_save_path("/path/to/whatever/");
session_start();blah blah blah?>

[EDIT... obviously you will have to place the path outside of the root, otherwise each site would still be looking inside their own site structure.]

asantos

9:34 pm on Jul 25, 2007 (gmt 0)

bad news :(


Warning: session_save_path() [function.session-save-path]: open_basedir restriction in effect. File(/home/singlesignon/public_html/temp) is not within the allowed path(s):

that message comes when trying to save session data from within www.example.com ... any other suggestions?

[edited by: coopster at 9:25 pm (utc) on July 28, 2007]
[edit reason] generalized domain [/edit]

justgowithit

11:53 pm on Jul 25, 2007 (gmt 0)

This is the same kind of issue that arises when flip-flopping http/https between different servers. You're probably going to have to database your session data to share them across multiple domains, same server or not.

This tutorial from Zend on custom session handling [zend.com] will get your started down the right path but it won't be the end-all. Check out this article on <snip>

[edited by: eelixduppy at 5:19 am (utc) on July 27, 2007]
[edit reason] removed url as per charter [/edit]

asantos

12:55 am on Jul 26, 2007 (gmt 0)

justgowithit:
thanks for the tips. im reading the articles right now.

londrum

8:43 pm on Jul 26, 2007 (gmt 0)

one other little thing,

/home/singlesignon/public_html/temp

sounds like you could access the /temp folder from your browser using www.example.com/temp

for security reasons, you really want to place the /temp folder above the public_html folder, so only your php scripts can access it.

asantos

1:43 am on Jul 27, 2007 (gmt 0)

londrum:
i know hehe, it was only for testing purposes. bad news is, it wont do the trick. that directory is restricted from other domains, despite they are on the same server.