I've come across a couple of solutions for this on SOF but many of these are worried by using subdomains, which none have labored for me personally. The most popular one since using
session.cookie_domain, which from my understanding is only going to use subdomains.
I'm thinking about an answer that are responsible for handles entirely different domain names (and includes the potential of subdomains). Regrettably project due dates being what they're, time is this is not on my side, and so i use SOF's experience and expertise.
The present project brief would be to have the ability to log into one site which presently only stores the
user_id within the session after which have the ability to retrieve this value during another domain inside the same server enviroment. Session information is being saved/retrieved from the database in which the
session id may be the primary key.
I'm wishing to locate a "light wieght" and "easy" to implement solution.
The machine is utlising an in-house Model View Controller design pattern, so that all demands (including different domain names) are tell you just one bootstrap script. While using domain title like a variable, this determines what context to show towards the user.
One option that did look enjoy having potential is using a hidden image and taking advantage of the alt tag to create the
user id. My first impressions suggest this immediately appears "too easy" (if at all possible) and full of security defects. Disscuss?
An alternative choice that we considered is applying the IP and User Agent for authentication however Personally i think this not really a trusted option because of shared systems and altering IP addresses.
My third option (and preferred) that we considered and up to now not seen talked about is applying
htaccess to fool the consumer into thinking that they're on the different domain when in reality apache is redirecting something similar to
world wide web.foo.com/index.php?domain=bar.com&controller=news/categoires/1
but shows towards the user as
world wide web.bar.com/news/groups/1
foo.com signifies the "primary site domain" which all demands are tell you and
bar.com is exactly what the consumer thinks they're being able to access. The controller request dictates the page and examine being asked for. Is possible?
Exist other available choices? Pros/Cons?
Thanks in advanced!!!
Have you contemplated using session_set_save_handler. You are able to store your periods inside a database and access them from the domain.
For that benefit for other people thinking about this functionality, there's no simple answer I'm afraid. Google "Single Sign UpInch and it'll return having a the technology plus some solutions avialable.
For using htaccess to cover the domain title, no chance as it may be utilized for malicious activities.
I've now effectively implemented something to achive my needs.