Re: Sharing cookie info across mulptile domains using PHP

Answered this question on EE.

The asker wanted to share a session across websites. There's no PHP code here, but the question was asked in a PHP forum.

1. when a user logs in, your code has to contact a central login server, and log that user into the "network" of sites. don't return a page yet.

2. the central log in server will return a global session id.

3. your code returns a page, and, on that page, put a bunch of images. in each image, set the SRC to a "remote log in" script on each of the network's servers. in each url, append the session id cookie. also set the user's cookie in this page.

4. each "remote log in" script called will contact the central log in server, to validate the session id. if the cookie validates, then set a set a cookie. also, each script should return it's graphic to the client, so it displays something. maybe it's a 1 pixel gif.

5. the global session id should be expired shortly after this transaction happens, to avoid session hijacks. the individual sessions are managed on each of the sites, not through the central log in server. there are other ways to make this more secure, too.