Thursday, November 14, 2013

Keep your session id after redirect or reload

Ever wondered how to keep your original session ID through a redirect or a reload?
For me, that was a long run, but now here's the deal.
In this example, we have two servers, one for login and the other for processing the credentials. Remember, they are both subdomains of the same parent domain.

Server 1: auth.domain.com
Server 2: web.domain.com

You log in on a page on auth.domain.com. You have to start your session with:
<?php
session_name("nostromo"); // that's the point: both servers must use the same session name
session_set_cookie_params(0, '/', '.domain.com'); // It's pretty funny that MSIE will need this but FF and Chrome won't.
session_start();
error_log("ID: ".session_id()); // check your id (logged instead of echoed: output sent before header() blocks the redirect unless output buffering is on)
// [.......authentication and other security stuff......]
header('Location: http://web.domain.com/index.php?'.$mysecurestring); // $mysecurestring contains some encrypted data, including my session_id
exit; // nothing else should run once the redirect has been sent
?>

On web.domain.com:
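<?php
// [...]
if (!empty($_GET['id'])) {
    // [....decrypting and validating your data, logging etc...and:]
    session_name("nostromo");
    session_id($my_received_secured_session_id); // has to be called before session_start()
    session_start(); // without this call the session_id() above has no effect
    // Reload the page without the query string so the token does not stay in the address bar
    echo '<script>
        window.location = window.location.href.split("?")[0];
    </script>';
}
else {
    session_name("nostromo");
    session_start();
    echo "We happy Vincent? ".session_id();
}
?>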

Getting this single piece of code to work has taken me two hectic days.
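
The post leaves both the contents of $mysecurestring and the "decrypting and validating" step elided. One way to build and check such a token is sketched below as an added example, not the author's code. It assumes PHP 7.2+ with the sodium extension and one secret key shared by both servers; the function names, the 30-second lifetime and the sample session ID are hypothetical.

```php
<?php
// Added example (not the original author's code). Assumes PHP 7.2+ with ext-sodium
// and one secret key shared by auth.domain.com and web.domain.com.
const HANDOFF_TTL = 30; // token lifetime in seconds (assumed value)

// auth.domain.com: seal the session ID and an expiry time into a URL-safe token.
function make_handoff_token(string $sessionId, string $key): string
{
    $payload = json_encode(['sid' => $sessionId, 'exp' => time() + HANDOFF_TTL]);
    $nonce   = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $sealed  = sodium_crypto_secretbox($payload, $nonce, $key); // encrypts and authenticates
    return sodium_bin2base64($nonce . $sealed, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// web.domain.com: return the session ID, or null if the token is malformed,
// tampered with, sealed under another key, or expired.
function read_handoff_token(string $token, string $key): ?string
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not valid base64url
    }
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $minLen) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        return null; // authentication tag did not verify
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !is_string($data['sid'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    if ($data['exp'] < time() || !preg_match('/^[A-Za-z0-9,-]{22,256}$/', $data['sid'])) {
        return null; // expired, or not shaped like a PHP session ID
    }
    return $data['sid'];
}

// Demo with constructed values: a fresh key and a made-up 32-character session ID.
$key   = sodium_crypto_secretbox_keygen();
$token = make_handoff_token('0123456789abcdef0123456789abcdef', $key);
var_dump(read_handoff_token($token, $key));                             // genuine token
var_dump(read_handoff_token($token, sodium_crypto_secretbox_keygen())); // wrong key
var_dump(read_handoff_token(strrev($token), $key));                     // altered token
```

On web.domain.com the returned value is what goes into session_id() before session_start(); a null result means the request is rejected and no session is adopted.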