When a user arrives at my site, a session is started for them. There is a point where a child window is spawned using JavaScript on my site's home page.

This child window goes to the Twitter site to authenticate the user and it gets redirected back to a script on my site which stores some variables in a SESSION.

I have found out that the PHP script in the child window isn't aware of the session and session_id that is set already and it therefore starts a new session which means the parent window (index.php) can not access those session variables.

I am baffled. What can I do?

Update

Here is my code, but it's not my code that is the problem, it's the implementation that I am having trouble with.

index.php

<?php session_start(); ?>

oauth.php //child window

<?php session_start();
$_SESSION['screen_name'] = $twitterInfo->screen_name;
$_SESSION['profile_image_url'] = $twitterInfo->profile_image_url;
?>

When the child window closes and I use AJAX to check a screen_name like so, it returns a no match as the child window oauth.php is using a different session (id).

<?php session_start();

    sleep(1);

    if(isset($_SESSION['screen_name'])){
        echo 'done';
        exit;
    }else{
        echo session_id().$_SESSION['screen_name'];
        exit;
    }
?>
+2  A: 

If you use the same domain, then PHP should be aware of the session since all cookies are sent back to the domain that set them according to the HTTP specs.

Note that www.domain.com is a different domain than domain.com. Cookies can also be set for a path on a domain, so make sure the path is the same. Cookies can also be set for multiple subdomains using *.

If you post the relevant PHP code you have, it will help.

bucabay
That's what I didn't know! www.domain.com is a different domain than domain.com! Is there a way to make them the same? Do I edit my PHP.ini file?
Abs
www.domain.com is a subdomain of domain.com like any other (sub.domain.com..., forum.domain.com). You can use ini_set('session.cookie_domain','.yourdomain.com') to make the PHP session cookie visible through all your subdomains.
MazarD
You can instruct PHP to set the cookie to a specific domain, or include child domains with: session_set_cookie_params() http://php.net/manual/en/function.session-set-cookie-params.php Note that it usually isn't good practice to set cookies to all subdomains. Some large profile sites have been the subject of XSS attacks because of this. Yahoo and Hotmail in the past. It doesn't create an XSS vulnerability, but it makes it hard to prevent it since any vulnerability infects all domains the cookie is set to.
bucabay
To save you the headache of messing with your session handler, just make sure the domain Twitter redirects to is the same as the parent window. When writing AJAX apps, I usually use window.location.host property to get the domain in JS so that I'm sure the XMLHttpRequest is made to the same domain. You could use that to redirect your child window to the correct domain, or make the parent window open in the correct domain. You can also configure your server to redirect URLs to either www.domain.com or domain.com. This has the added benefit of SEO (theoretically).
bucabay
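
The advice in the comments above (serve everything from one canonical host and do not widen the session cookie to every subdomain) as an added example that is not code from this thread. It assumes PHP 7.3 or later, an HTTPS site, and a placeholder host `www.example.com`; the function names and the idea of a shared include file are hypothetical.

```php
<?php
// Added example: shared bootstrap to include at the top of index.php, oauth.php
// and the AJAX check script. CANONICAL_HOST is a placeholder value.
declare(strict_types=1);

const CANONICAL_HOST = 'www.example.com';

/** Return the URL to redirect to, or null if the request is already on the canonical host. */
function canonical_redirect(string $hostHeader, string $requestUri): ?string
{
    // Strip an optional port and normalise case. The Host header is client-controlled,
    // so it is only compared against the constant and never copied into the redirect.
    $host = strtolower((string) preg_replace('/:\d+$/', '', $hostHeader));
    if ($host === CANONICAL_HOST) {
        return null;
    }
    // Accept only a URI that starts with "/" so the target stays on the canonical host.
    $path = (strncmp($requestUri, '/', 1) === 0) ? $requestUri : '/';
    return 'https://' . CANONICAL_HOST . $path;
}

function start_host_only_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',    // same path for parent window, popup and AJAX endpoint
        'domain'   => '',     // empty = host-only cookie, not shared with other subdomains
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // still sent on the top-level redirect back from Twitter;
                              // 'Strict' would withhold it on that cross-site navigation
    ]);
    session_start();
}

// Requests for domain.com are moved to www.example.com before any session is created,
// so the parent window, the OAuth popup and the AJAX poll all see the same cookie.
$target = canonical_redirect($_SERVER['HTTP_HOST'] ?? '', $_SERVER['REQUEST_URI'] ?? '/');
if ($target !== null) {
    header('Location: ' . $target, true, 301);
    exit;
}
start_host_only_session();
```

The callback URL registered with Twitter has to use the same canonical host, otherwise the popup is redirected once more before oauth.php can read the OAuth response.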