Suppose I have domain-a.com (A) and domain-b.com (B)
I'd like to be able to share php sessions between the two domains unifying logins in a way that once the user is logged to A is automatically logged into B and vice versa.
Now, the problem I'm facing is that even if I managed to have the browser talk via ajax to an external domain via the Access-Control-Allow-Origin header it won't set cookies (please don't tell me "you can't set/get cookies for another domain, this is not the problem")
here's the flow:
A sends credentials to B
if credentials are OK
-B answers with the SESSID made in order to be consistent with the user credentials (so that it can be generated both ways ie: login from A or login from B), this will be used later to share the session created on B
-At the same time I'd like that B could write cookies for its domain, but so far I wasn't able.
What I need here is very simple, once that the credentials from A are correct i'd like that server B could write his cookie for his domain (B), I can see from the headers that technically it's setting cookies, but the browser isn't really listening. any idea? am I playing in a dangerous zone of incompatibilities between browsers? technically all of this should be pretty vanilla for the recent browsers.
thanks!
If domain-a.com and domain-b.com are on the same server, you can implement your own sessions or try to use session_id to set session ID. If they are on different servers, you`ll need to use some sort of replication or create an API to authorize users on third-party domains.
ReplyDeleteYou have a couple of options here:
ReplyDelete1) If the two domains are on the same logical file system, and they use the same session folder, then you can share session information between them.
2) Use a database (rather than cookies) to maintain session state.
The latter option is likely your best bet, as you can do it regardless of whether the domains are on the same file system, so long as both domains can access the same database.