Share Session Between Two Websites

Question

Hi thanks in advance...
I am Working on a Project, I need some clarification to share data between two sites in a high secure manner. Currently I am using Form Post to

Answer 1

Urk. First off, never, EVER do this:

$session_id = $_REQUEST['session_id'];  

This causes a security truck-hole we refer to as 'session fixation' ( read more: http://en.wikipedia.org/wiki/Session_fixation ).

It seems you're pretty heavy on security. If you need to share data from site 1 to site 2, you should do it through a single consumption bridge:

1). Click on a link on Site 1 to a handler file, let's call it redir.php.

2). Redir.php first checks the existing session data.

3). Redir.php writes relevant info into a DB row, along with some sort of identifier (say, an MD5 hash of the user ID + '_'+ current time), plus a 'consumed' flag, set false.

4). Redir.php does a 301 redirect to Site 2, along with the identifier.

5). Site 2 reads the relevant row out of the DB.

6). If the data is good and has not yet been 'consumed', return a success and mark the data as consumed.

7). If the data has been consumed, throw some sort of error.

There are more complex ways of doing this, but I think this handles what you're trying to do.

Answer 2

you could use a common session backend for both sites, eg. store the session in a database

to replace the built-in file backend you can use the function session_set_save_handler