I'm presently researching the easiest method to share exactly the same session across two domain names (for a shared shopping cart / shared account feature). I've decided on two of three different approaches:

Every fifteen minutes, send a one-time-only token (produced from a secret and user IP/user agent) to "sync the periods" using:

  1. img src tag

    <img src="http://domain-two.com/sessionSync.png?token=urlsafebase64_hash">

    • shows a clear 1x1 pixel image and begins a session with a similar session ID on the remote server. The png is really a PHP script with some mod_rewrite action.

    • Disadvantages: what if images are disabled?

  2. a succession of 302 redirect headers (almost just like above, just delivering the token using 302's instead):

    • redirect to domain-2.com/sessionSync.php?token=urlsafebase64_hash
    • then from domain-2.com/sessionSync, set(or refresh) the session and redirect to domain-1.com to carry on original request.

    • Question: What does Google think of this when it comes to search engine optimization/PageRank? Will their bots have issues crawling my website correctly? Will they think I'm attempting to trick the consumer?

    • Disadvantages: 3 requests before a person gets a page load, which is slower than the IMG technique.

    • Advantages: Works more often than not?

  3. use JSONP to do the same as above.

    • Disadvantages: will not work if JavaScript is disabled. I'm staying away from this method particularly because of this.
    • Advantages: the callback function on success might be helpful (although not really in cases like this)

My questions are:

  • What will Google think about using 302's as mentioned in example 2 above? Will they punish me?
  • What, in your opinion, is the easiest way?
  • What are the security factors created by these techniques?
  • Am I not recognizing another thing that may create problems?

Thanks for the help ahead of time!
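
The one-time sync token described in the question, as an added example that is not part of the original posts. It assumes both domains share a secret and a token store (a PHP array here; `SYNC_SECRET`, `TOKEN_TTL`, `mintToken` and `redeemToken` are hypothetical names), binds the token to the user agent (the client IP could be appended to the MAC input the same way), and keeps the session ID out of the URL by passing an opaque single-use handle.

```php
<?php
// Added example, not code from the original post. Assumptions: both domains
// share SYNC_SECRET and a token store (an array here; Redis or a DB in practice).
const SYNC_SECRET = 'constructed-demo-secret-change-me';
const TOKEN_TTL   = 60; // seconds (assumed); the token only has to survive one redirect

// URL-safe base64 without padding, as the question's "urlsafebase64_hash" suggests.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Domain 1: mint a token for the current session.
function mintToken(array &$store, string $sid, string $ua, int $now): string {
    $handle = b64url(random_bytes(16)); // opaque handle: the session ID never enters the URL
    $exp    = $now + TOKEN_TTL;
    $store[$handle] = $sid;             // removed again on first successful redemption
    $mac = b64url(hash_hmac('sha256', "$handle.$exp.$ua", SYNC_SECRET, true));
    return "$handle.$exp.$mac";
}

// Domain 2: return the session ID to adopt, or null if the token is rejected.
function redeemToken(array &$store, string $token, string $ua, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;                    // malformed
    [$handle, $exp, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', "$handle.$exp.$ua", SYNC_SECRET, true));
    if (!hash_equals($expected, $mac)) return null;          // forged, or other user agent
    if (!ctype_digit($exp) || (int)$exp < $now) return null; // expired
    if (!isset($store[$handle])) return null;                // already redeemed (replay)
    $sid = $store[$handle];
    unset($store[$handle]);                                  // enforce single use
    return $sid;
}

// Constructed sample values for a stand-alone run.
$store = [];
$ua    = 'Mozilla/5.0 (constructed user agent)';
$now   = 1700000000;
$token = mintToken($store, 'sess-abc123', $ua, $now);
var_dump(redeemToken($store, $token, $ua, $now + 5));      // first redemption
var_dump(redeemToken($store, $token, $ua, $now + 6));      // same token replayed
$late = mintToken($store, 'sess-abc123', $ua, $now);
var_dump(redeemToken($store, $late, $ua, $now + 3600));    // redeemed after expiry
$other = mintToken($store, 'sess-abc123', $ua, $now);
var_dump(redeemToken($store, $other, 'curl/8.0', $now));   // different user agent
```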

Some ideas: you could use the JSONP approach and use the <noscript> tag to set up the 302-chain mode.

You will not find a lot of JS-disabled clients in the human part of your web clients.

However, the web spiders may fall into the 302-chain mode, and if you worry about them you can maybe implement some user-agent checks in sessionSync to give them specific instructions, for instance a 301 permanent redirect. Your session synchronisation needs are not valid for web spiders, so you can maybe redirect them permanently (so only the first time) without handling any sort of session synchronisation for them. Well, it depends on your implementation of the 302-chains, but you could also set something in the spider's session to let them crawl domain-1 with no check on domain-2, because this depends on the URL you generate on the page, and you might have something in the session to avoid the domain-2 redirect on URL generation.