[thelist] 'Hijacking' sessions

[Nick Daverin]

Hi Rob and Anthony,

Yeah, storing the info in a database would solve this, but unfortunately
that is not an option I can pursue at this time. I was hoping for a magic
smoke answer, where info is not stored in a database as I'd have to start
putting calls to save and retrieve data on any page you could cross over on
the sites, then deleting the record from our db after the users were done.
In time we'll be creating a customer login that will save this trouble but
until we do that and hash out our legal policies I'm not allowed to store
their info in a database on our site.

-Nick

On 5/24/06 1:21 AM, "Rob Agar" <robagar at westnet.com.au> wrote:

> hi Nick,
> 
> One way I've employed successfully is by using the PEAR::HTTP_Session
> class (http://pear.php.net/package/HTTP_Session) and configuring it to
> store session data in a database, then just passing the session id in
> the GET request to the other site.  Of course, the second site has to be
> able to access this db.
> 
> hth
> Rob
> 
> Nick Daverin wrote:
>> I was wondering if there is a way to pass session data between sites...
>> Sort-of Œhijacking¹ my own session. As an example: On the one site, we
>> collect donations. All data is stored as session variables until the
>> purchase is completed. Then info we save is sent to a completely unrelated
>> (non accessible) database. We would also like to give people the option of
>> visiting our gift shop before they checkout. Now this site is on a different
>> domain, so even if I pass the session id [using session_id($_GET[Œsid¹])
>> for
>> example] the session variables I¹ve stored while on the first domain are
>> inaccessible so a user would have to check out twice. We use php on these
>> pages though some type of javascript solution could be implemented (as long
>> as I can explain how it works to my boss).
>> 
>> Thanks for any info!
>> -Nick