[thelist] 'Hijacking' sessions

Anthony Baratta anthony at baratta.com
Tue May 23 17:40:48 CDT 2006


Create a GUID and store that in the DB with the user's data. Then pass that GUID within the QueryString to the other domain. Then use the GUID to access to the saved data in the database. Rebuild the Session as you see fit from there.

-----Original message-----
From: Nick Daverin ndaverin at marian.org
Date: Tue, 23 May 2006 12:32:42 -0700
To: "thelist at lists.evolt.org" thelist at lists.evolt.org
Subject: [thelist] 'Hijacking' sessions

> I was wondering if there is a way to pass session data between sites...
> Sort-of Œhijacking¹ my own session. As an example: On the one site, we
> collect donations. All data is stored as session variables until the
> purchase is completed. Then info we save is sent to a completely unrelated
> (non accessible) database. We would also like to give people the option of
> visiting our gift shop before they checkout. Now this site is on a different
> domain, so even if I pass the session id [using session_id($_GET[Œsid¹]> ) for
> example] the session variables I¹ve stored while on the first domain are
> inaccessible so a user would have to check out twice. We use php on these
> pages though some type of javascript solution could be implemented (as long
> as I can explain how it works to my boss).
> 
> Thanks for any info!
> -Nick




More information about the thelist mailing list