Comments on: PHP Sessions http://blog.olebox.com/2008/11/11/php-sessions/ Giving back to the Community Wed, 17 Mar 2010 17:14:05 -0400 http://wordpress.org/?v=2.9.2 hourly 1 By: Shaun http://blog.olebox.com/2008/11/11/php-sessions/comment-page-1/#comment-24 Shaun Fri, 21 Nov 2008 19:27:01 +0000 http://blog.olebox.com/?p=99#comment-24 This can be a bit difficult to accomplish when using various frameworks without exposing yourself to vulnerabilities. There are a couple ways you can do this. You can have an ajax request within the browser start a session on the other site at the same time the user logs in. This is blatantly visible, so for this to be secure, you should probably do a server side post with an ip address after the ajax post to verify the session. Once it's established, store a cookie for both sites with the login id. To overview, the user logs in, if correct, the server performs a post to authenticate the ip address and the signed in username. Then you do a browser ajax request to the second site to create a cookie. When all is said and done, you will have 2 websites, each with a cookie. You'll have to make sure your session/cookie timeout is set the same on both servers and if you provide the user with the ability to log out, you'd need to reverse this process to delete the cookies. This can be a bit difficult to accomplish when using various frameworks without exposing yourself to vulnerabilities. There are a couple ways you can do this. You can have an ajax request within the browser start a session on the other site at the same time the user logs in. This is blatantly visible, so for this to be secure, you should probably do a server side post with an ip address after the ajax post to verify the session. Once it’s established, store a cookie for both sites with the login id.

To overview, the user logs in, if correct, the server performs a post to authenticate the ip address and the signed in username. Then you do a browser ajax request to the second site to create a cookie. When all is said and done, you will have 2 websites, each with a cookie.

You’ll have to make sure your session/cookie timeout is set the same on both servers and if you provide the user with the ability to log out, you’d need to reverse this process to delete the cookies.

]]> By: HardCoded http://blog.olebox.com/2008/11/11/php-sessions/comment-page-1/#comment-12 HardCoded Wed, 12 Nov 2008 22:26:26 +0000 http://blog.olebox.com/?p=99#comment-12 Shaun I have a unique project I am working on. Don't worry no graphics involved. Anyway do you know if there is a way to share sessions between a PHP application and a Coldfusion one? Maybe share isn't exactly the word I am looking for. Perhaps a better way would be to create the same sessions both in PHP and Coldfusion. Any ideas? The breakdown is that I have a project in which a huge website was built in Coldfusion and now they want to add a PHPBB3 Forum to this site and share the user login information. So basically a person with an existing account should be able to login at the coldfusion app and not have to login a second time when they reach the forums. I think that made sense. Thanks! Shaun I have a unique project I am working on. Don’t worry no graphics involved. Anyway do you know if there is a way to share sessions between a PHP application and a Coldfusion one?

Maybe share isn’t exactly the word I am looking for. Perhaps a better way would be to create the same sessions both in PHP and Coldfusion. Any ideas?

The breakdown is that I have a project in which a huge website was built in Coldfusion and now they want to add a PHPBB3 Forum to this site and share the user login information. So basically a person with an existing account should be able to login at the coldfusion app and not have to login a second time when they reach the forums.

I think that made sense. Thanks!

]]>