tags:

views:

29

answers:

2

I have 2 domain names on the same server but want to pass some data using session variable how to do this?

A: 

You can do something like this:

$name = session_name("name");
session_set_cookie_params(0, '/', 'domain.com');
session_start();

See session_set_cookie_params for more info.

Sarfraz
+1  A: 

Assuming you mean domains to be something.com and someothersite.com, then configure the two sites to use the same directory for their session files (/tmp?), then just tack on the session ID to the links between the site:

http://something.com?sessionID=session_id_from_someothersite.com
http://someothersite.com?sessionID=session_id_from_something.com

then have your session handling code in each check for that parameter and load it up.

However, passing the session IDs around in plaintext URLs is highly insecure. This is how session fixation attacks become trivial. A slightly more secure method would be to use a POST form on each server to "log into" the other domain and pass the session ID as a parameter. Or better yet, pass an encrypted one-time-usage token instead of the session ID.

If you're serving them as seperate sub-domains of the same parent domain (siteA.example.com and siteB.example.com), simply configure both to set their session cookies on example.com and it'll be shared between the two sites.

Marc B