Hi,
I have seen a few answers to this on SOF but most of these are concerned with the use of subdomains, of which none have worked for me. The common one being that the use of session.cookie_domain
, which from my understanding will only work with subdomains.
I am interested in a solution that deals with deals with entirely different domains (and includes the possibility of subdomains). Unfortunately project deadlines being what they are, time is not on my side, so I turn to SOF's expertise and experience.
The current project brief is to be able to log into one site which currently only stores the user_id
in the session and then be able to retrieve this value while on a different domain within the same server enviroment. Session data is being stored/retrieved from a database where the session id
is the primary key.
I am hoping to find a "light wieght" and "easy" to implement solution.
The system is utlising an in-house Model View Controller design pattern, so all requests (including different domains) are run through a single bootstrap script. Using the domain name as a variable, this determines what context to display to the user.
One option that did look like to have potential is the use of a hidden image and using the alt tag to set the user id
. My first impressions suggest this immediately seems "too easy" (if possible) and riddled with security flaws. Disscuss?
Another option which I considered is using the IP and User Agent for authentication but again I feel this not going to be a reliable option due to shared networks and changing IP addresses.
My third option (and preferred) which I considered and as yet not seen discussed is using htaccess
to fool the user into thinking that they are on a different domain when infact apache is redirecting; something like
www.foo.com/index.php?domain=bar.com&controller=news/categoires/1
but displays to the user as
www.bar.com/news/categories/1
foo.com
represents the "main site domain" which all requests are run through and bar.com
is what the user thinks they are accessing. The controller request dictates the page and view being requested. Is this possible?
Are there other options? Pros/Cons?
Thanks in advanced!!!