A community in which webmasters can ask for help with topics such as PHP coding , MySQL , IT jobs, web design, IT security.
|PHP Multi site login||#1|
I am currently working on a project that spans accross multiple domains. What I want is for the user to be able to login on one site and be logged in on all the others at the same time.
The users session is stored in the database, the cookies that I set on each domain contain the session id.
So basically when a user logs in to example.com a cookie is created with their session id, the session data is stored in the database. Once this is done a cookie needs to be created on all the other domains with this unique session id so that as the user travels from site to site they will automatically be logged in.
Now I have found a way to do this in Firefox (using image tags that executes PHP scripts on the other domains, essentially creating the different cookies on the different domains) but this method doesn't work in IE (havn't tested Opera or Safari etc. yet).
Does anyone have any ideas about how I can get this to work in IE?
posted date: 2008-12-22 16:51:00
|Re: PHP Multi site login||#3|
Not sure if it a good suggestion at this point in your development, but you should definitely look at Single Sign-on if you want to do it the "right" way.
posted date: 2008-12-22 18:04:00
|Re: PHP Multi site login||#4|
posted date: 2008-12-23 06:20:00
|Re: PHP Multi site login||#5|
Is it just me, or does it sound like your CSRFing yourself with your technique using images that works in Firefox?Interesting approach, although I hope you're not opening yourself up to a security threat there.
posted date: 2008-12-23 06:27:00
|Re: PHP Multi site login||#6|
Possibly me being a bit silly, but could you not set the cookies for each domain name on login? So rather than them having one cookie when they login to Site A, they have five, or however many sites you have?
setcookie(A, $sessid, expire, path, domainA.com);setcookie(B, $sessid, expire, path, domainB.com);setcookie(C, $sessid, expire, path, domainC.com);setcookie(D, $sessid, expire, path, domainD.com);
posted date: 2008-12-23 06:34:00
|Re: PHP Multi site login||#7|
Have a look at my question Cross Domain User Tracking.What you need to do is to add another HTTP header to the "image".Quote from Session variables are lost if you use FRAMESET in Internet Explorer 6:You can add a P3P compact policy header to your child content, and you can declare that no malicious actions are performed with the data of the user. If Internet Explorer detects a satisfactory policy, then Internet Explorer permits the cookie to be set.A simple compact policy that fulfills this criteria follows:P3P: CP="CAO PSA OUR"This code sample shows that your site provides you access to your own contact information (CAO), that any analyzed data is only "pseudo-analyzed", which means that the data is connected to your online persona and not to your physical identity (PSA), and that your data is not supplied to any outside agencies for those agencies to use (OUR).You can set this header if you use the Response.AddHeader method in an ASP page. In ASP.NET, you can use the Response.AppendHeader method. You can use the IIS Management Snap-In (inetmgr) to add to a static file.Follow these steps to add this header to a static file:Click Start, click Run, and then type inetmgr.In the left navigation page, click the appropriate file or directory in your Web site to which you want to add the header, right-click the file, and then click Properties.Click the HTTP Headers tab.In the Custom HTTP Headers group box, click Add.Type P3P for the header name, and then for the compact policy string, type CP=..., where "..." is the appropriate code for your compact policy.
posted date: 2008-12-23 06:35:00
|Re: PHP Multi site login||#8|
Yeah, that's what I am looking for, and I have managed to achieve it with Firefox, but it isn't working with IE. Maybe I am just going about it in the wrong way.
posted date: 2008-12-23 06:51:00
|Re: PHP Multi site login||#9|
I had originally thought this, and in fact found that it was in fact a problem. However after a bit of tinkering, and so on I think I have this covered.
posted date: 2008-12-23 06:53:00
|Re: PHP Multi site login||#10|
Yeah, tried that first, didn't appear to work as I don't think you can set cookies for other domains, only the domain you are on. I suppose it makes sense really if you think about it.
posted date: 2008-12-23 06:54:00
|Re: PHP Multi site login||#11|
That's it exactly, I found it was the default medium setting in IE that was blocking it. By adding the code: header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'); everything now works perfectly :D
posted date: 2008-12-23 06:55:00
|Re: PHP Multi site login||#12|
You're not allowed to set cookies for other domains.
posted date: 2013-05-16 01:54:00
|select page: « 1 »|