[thelist] 'Hijacking' sessions

Rob Agar robagar at westnet.com.au
Wed May 24 00:21:39 CDT 2006


hi Nick,

One way I've employed successfully is by using the PEAR::HTTP_Session 
class (http://pear.php.net/package/HTTP_Session) and configuring it to 
store session data in a database, then just passing the session id in 
the GET request to the other site.  Of course, the second site has to be 
able to access this db.

hth
Rob

Nick Daverin wrote:
> I was wondering if there is a way to pass session data between sites...
> Sort-of Œhijacking¹ my own session. As an example: On the one site, we
> collect donations. All data is stored as session variables until the
> purchase is completed. Then info we save is sent to a completely unrelated
> (non accessible) database. We would also like to give people the option of
> visiting our gift shop before they checkout. Now this site is on a different
> domain, so even if I pass the session id [using session_id($_GET[Œsid¹]) for
> example] the session variables I¹ve stored while on the first domain are
> inaccessible so a user would have to check out twice. We use php on these
> pages though some type of javascript solution could be implemented (as long
> as I can explain how it works to my boss).
> 
> Thanks for any info!
> -Nick




More information about the thelist mailing list