kevin <[EMAIL PROTECTED]> wrote... : > Allo, > > I seem to have run into a couple of problems with a project I am currently > working on. First one is that the project has a login feature that tracks the > user using cookies. The client alas has a desire to have multiple sites and > have the login to other sites in his group seamless (in as much as he would > like no additional logging in).
You have very few things to do for solve it. One would be passing session id within the URL when jumping between the sites to then evaluate some session data. It is also the reasons large portal sites, when merging, add subdomains and lose their precious domains because subdomains can still share the cookies. > Since the login feature uses cookies this requirement isn't quite > fulfilled... ok, let me be honest, it ain't filled one little bit! And, even if you'd succeed it would be the greatest security risk. > The one thing I do have in my favour is that all the sites (at the moment > anyway) have the same SERVER_ADDR. Is there anyway I can set a cookie using > and IP Address rather than a URL. I have tried this with little success > (setting the path to ""). Not sure, but I don't think you can - there are loads of sites sharing the same IPs. > As a side note, I would like to be able to use sessions more but I am running > into some (very) peculiarities. I have a library which starts the session and > then I regester variables till my heart is content. Trouble comes when I want > to view them in another page... nada! If I do a 'session_is_registered' on > the variable it returns true so it seems to have the sessions set up just not > updating the values.. not sure. Now I can set up small two file proof of > practice examples but when I integrate into my existing project code I suffer > from all manner of wierdness .. the most notable being the complete lack of > persistence. You're probably missing something silly. Sessions do work ok. > I know it is a bit of a shot in the dark in as much as I have provided little > in the way of diagnostic information, but would any of you bright bunnies be > able to give me some pointers as to what I might want to look into to get > more of a clue as to what is going on? there are some articles on PHP Beginner regarding sessions and security - www.phpbeginner.com -- Maxim Maletsky [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
