PHP Codeigniter sharing session - php

I had a problem with session sharing. Can a session be shared across domains? I'm using the PHP CodeIgniter framework for my project.
I had this case where I have 2 domain names registered on the server and I use 1 application.
Eg:
domainA = www.domainA.com
domainB = www.domainB.com
For domainA, I used the default application:
--application
--images
--system
For domainB, I created a new folder named domainB:
--application
--domainB
--application
--images
--system
Using htaccess, I rewrite the URL so that whenever the link is www.domainB.com it points to the domainB folder. In this case, it works fine.
The problem is, the session created in domainA is not the same as the one in domainB. This is troublesome if we have to gather data from both domainA and domainB. E.g., let's say I add product A to the cart in domainA and another product B in domainB; I want to collect both products and show them in the shopping cart in domainA. Can I do that?
I need advice on how to handle this kind of problem. Usually when coding a shopping cart we have to use a session to keep the products in the cart for a certain amount of time. Are there any other methods besides this? I searched on Google, and most of the replies I read were something like this:
Assume you have sites called www.innovativephp.com and www.innovativejs.com hosted on the same server. Even though both sites are on the same server, the domain names are different, hence you will see that the cookies will not work in another top domain. :(
Thanks.

I had the same problem and am still reading about it:
Extending session in another application
You might want to look at single sign-on, OpenID, or even the answer given in the link provided.

Related

Does PHP session_set_cookie_params() create a manipulable cookie on the user's machine?

I'm creating a dashboard where I have the front end on one subdomain and the API, which is in PHP, on another subdomain. I was looking for how to preserve $_SESSION between the two and found this. So what I'm asking is: since cookies are stored on the user's machine and I'm sending the user id to the API, would they be able to manipulate this value and browse the app as a different user, assuming I use session_set_cookie_params()? I would be using $_SESSION in the API, but this native function makes me think they'd be able to change the value.
I don't believe this method I've alluded to is of any danger (knock on wood) but I'm just going to go for the /api/ subfolder structure anyways at this point as having a separate endpoint seems to make things too spread out.
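An added example, not part of the original post: with PHP's native sessions the cookie carries only the session ID while the $_SESSION data stays on the server, so the API should take the user id from the session and never from anything the client sends. It assumes PHP 7.3 or later, HTTPS, both subdomains reading the same session storage, and the placeholder parent domain .example.com; the cookie name and function names are hypothetical.

```php
<?php
// Added example. ".example.com" is a placeholder parent domain covering both
// the front-end subdomain and the API subdomain.

// Call before any output on BOTH subdomains, with identical values.
// The array form of session_set_cookie_params() needs PHP 7.3 or later.
function start_shared_session(): void
{
    session_name('DASHSESSID');              // hypothetical name, same on both hosts
    session_set_cookie_params([
        'lifetime' => 0,                     // dropped when the browser closes
        'path'     => '/',
        'domain'   => '.example.com',        // sent to every subdomain
        'secure'   => true,                  // HTTPS only
        'httponly' => true,                  // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject IDs the server never issued
    session_start();
}

// Front end, after the password check has succeeded.
function login(int $userId): void
{
    session_regenerate_id(true);             // fresh ID at login (anti-fixation)
    $_SESSION['user_id'] = $userId;          // stored server-side, not in the cookie
}

// API: identity comes from the session only. A user id in the query string,
// the request body or a separate cookie is never consulted.
function current_user_id(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// API endpoint body.
start_shared_session();
$uid = current_user_id();
if ($uid === null) {
    http_response_code(401);
    exit(json_encode(['error' => 'not authenticated']));
}
header('Content-Type: application/json');
echo json_encode(['user_id' => $uid]);
```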

How can I share a CodeIgniter session across two different CI code bases?

I have two CI code bases, say projectX and projectY (two different code bases, and yes, the CI system files are also separate but the same version), where ProjectX is the main site, say http://projectx.com, and ProjectY is http://projecty.projectx.com
Now when a user logs into the system (ProjectX) and clicks on some link that takes him to ProjectY, I want the user to be logged into SystemY with the same session that was activated when he/she logged into SystemX.
So my question is: is it possible, and if yes then how, or if no then what are possible ways to accomplish this, as I don't want to show one more popup for login.
OK, first of all, thanks to #LuckyBurger for the link he gave in the comment, and yes, that is a perfect solution for the problem. All you have to do is change the config file in both code bases so that they have the same values for the session config array.
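An added example (not from the original answer) of what "the same values" could look like, assuming CodeIgniter 3 with its database session driver, both code bases connected to the same database, and HTTPS on both hosts; the cookie name is hypothetical. It works here only because projecty.projectx.com is a subdomain of projectx.com; a cookie cannot be scoped across two unrelated domains.

```php
<?php
// application/config/config.php -- identical in projectX and projectY.
// Added example; assumes CodeIgniter 3 and the database session driver.

// Server side: both apps read and write the same session rows.
$config['sess_driver']         = 'database';
$config['sess_save_path']      = 'ci_sessions';  // session table (schema from the CI user guide)
$config['sess_cookie_name']    = 'px_session';   // hypothetical name; must match in both apps
$config['sess_expiration']     = 7200;           // seconds
$config['sess_match_ip']       = FALSE;          // must match, or one app rejects the other's rows
$config['sess_time_to_update'] = 300;            // seconds between session ID regenerations

// Client side: one cookie that the browser sends to both hosts.
$config['cookie_domain'] = '.projectx.com';      // projectx.com and projecty.projectx.com
$config['cookie_path']   = '/';
$config['cookie_secure'] = TRUE;                 // assumes both sites are served over HTTPS
```

The `database.php` of each code base must also point at the same database, otherwise the shared cookie refers to a session row the other application cannot find.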

Obscuring a username with mod_rewrite

I have a website that serves up various information for users who have accounts on it by accessing information listed under a username and a category. Using the variable names, u and c, the url looks like this:
www.originalwebsite.com/user.php?u=username&c=43
I want a user-defined custom domain to remove any evidence of a username variable or variable name. Other variables (like category) are fine to remain. Ideally, this would result in the following link pointing to the one included before:
www.customdomain.com/c=43
My reasons being that the custom domain would be unique for the user and, therefore, would remove the need to specify the user (in theory, not in practice so far) as well as presenting the site from a custom domain in a manner that looks like a single site, rather than the portal-like options of the original.
I can get www.customdomain.com/u=username&c=43 to work but am trying to think of the best method to remove reference to the username when using the custom domain (both the variable identifier and the variable itself). I'm struggling to think of how I'll inform the original website of what user account to use if it's not mentioned in the url itself.
At the moment my best idea is to let user.php handle this with a condition of whether the request is from originalwebsite.com or a custom domain. If it finds that it's the latter, it checks it against a database listing and finds the relevant user settings discreetly. This feels like quite a slow procedure, however.
If my example is not clear, think of sites like Tumblr, where you can add a custom domain and, from that point on, urls make no reference of your user name.
From some discussion here and further research, it seems as though there's no quickfire way of doing this. It looks like I'm stuck with either keeping some form of reference that can identify a username in the url, using a cookie or sticking with my original idea of referencing the custom domain against a database to find the appropriate user and settings.
I've gone with the database referencing option as I need to remove references to any username from the url and I can't always rely on cookies. I need a 100% success rate of correct redirection.
I've changed my user.php file to check if the request has come from originaldomain.com or newdomain.com. If it's from originaldomain.com, it looks for a username variable in the url as it should have one for any user that doesn't have a custom domain. If it comes from a different domain, it checks to see if this domain is listed in the database and finds the user from this. There's a few catches that I'll need to trial but I've got 90% of the issue solved.
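The host-to-user lookup described above, as an added example that is not the poster's code: the Host header is supplied by the client, so it is normalised and validated before a parameterised lookup, and a `u` parameter is never honoured on a custom domain. The table and column names, the username pattern and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. Table/column names (custom_domains, host, username) and the
// username pattern are hypothetical; SQLite in memory stands in for the real DB.

const PRIMARY_HOST = 'www.originalwebsite.com';

// The Host header is client-supplied: lower-case it, strip the port, and
// reject anything that is not a plain hostname before it reaches the database.
function normalize_host(string $raw): ?string
{
    $host  = (string) preg_replace('/:\d+$/', '', strtolower(trim($raw)));
    $label = '[a-z0-9](?:[a-z0-9-]*[a-z0-9])?';
    $ok    = preg_match('/^(?=.{1,253}$)' . $label . '(?:\.' . $label . ')+$/D', $host);
    return $ok === 1 ? $host : null;
}

// Returns the username to serve, or null (answer 404) when none can be resolved.
function resolve_user(PDO $db, string $rawHost, array $query): ?string
{
    $host = normalize_host($rawHost);
    if ($host === null) {
        return null;
    }
    if ($host === PRIMARY_HOST) {
        // Main site: the user comes from ?u=
        $u = $query['u'] ?? '';
        return (is_string($u) && preg_match('/^[A-Za-z0-9_]{1,32}$/D', $u)) ? $u : null;
    }
    // Custom domain: only the registered mapping decides; any ?u= is ignored.
    $stmt = $db->prepare('SELECT username FROM custom_domains WHERE host = ?');
    $stmt->execute([$host]);
    $user = $stmt->fetchColumn();
    return $user === false ? null : (string) $user;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE custom_domains (host TEXT PRIMARY KEY, username TEXT NOT NULL)');
$db->exec("INSERT INTO custom_domains VALUES ('www.customdomain.com', 'alice')");

var_dump(resolve_user($db, 'WWW.CustomDomain.com:443', ['u' => 'mallory', 'c' => '43'])); // custom domain
var_dump(resolve_user($db, 'www.originalwebsite.com', ['u' => 'bob', 'c' => '43']));      // main site
var_dump(resolve_user($db, 'unknown.example', ['u' => 'bob']));                           // unregistered host
```

Because `host` is the primary key, the lookup is a single indexed read per request.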

Shared shopping basket over multiple sites

I've researched 2 methods that could reproduce the functionality coolblue.nl has.
They have 83 webshops, and all shopping baskets are merged. So if you add a product
to your basket on laptopshop.nl and go to one of their other shops (ie. smartphoneshop.nl) the product is already in your basket.
But how does it exactly work?
Single Sign on? I guess not, users are not required to log in
Identifying pixel? But how is the product directly available?
Unique links? They are not using it.
Can anyone give me some detailed info on how I could get this to work?
Single Sign on? I guess not, users are not required to log in
Simply share the sessions between your servers. Store everything in a central memcached server. The only limitation is that the cookie placed for one domain is not directly accessible by the other domain. Maybe it's JavaScript / JSONP used to circumvent this.
I personally use memcached too because it's faster, has less disk I/O, can be clustered, is integrated into PHP and is dispatched from your webserver.
Identifying pixel?
Session IDs are stored per domain, so one domain usually cannot read another domain's data (security). You can circumvent this using JSON(P). So you send a JSON(P) request to your central (web) session server and ask it "is there already a session for the user? If yes, return me the id".
You'd simply reuse the session then.
But how is the product directly available?
You can be sure all their shops share the same database server and a unique product id like SKU/EAN.

Orders being placed for wrong store

I am using Magento 1.3.2 in a multi-store setup. www.example.com is the main store, and abc.example.com, foo.example.com and bar.example.com are affiliate stores with separate subdomains, separate inventory, separate carts, separate designs.
My problem is that some orders being placed through the affiliates are showing up as coming from the main store. It doesn't happen frequently, maybe once in every 1000 orders. I notice these when I go to fulfill the order and I see that the SKU is not one of mine but rather it is one of the affiliate's, despite the fact that the website, store and store view on the order screen all show the main store. I know that the customers are adding the product to their cart from the affiliate site (we don't even list affiliate products on the main site) and they go through the checkout process on the affiliate site. Does anybody have any ideas what could be causing this?
EDIT: I wish I could recreate this so I could post some code that I think might be buggy or something else helpful, but I've tried every permutation I can think of (logging in on the affiliate site vs the main site, having two carts open, adding/removing products in various sequences) but I still can't reproduce the issue.
You should follow some steps:
Make sure affiliates use different databases. Provide them with different database username/password sets. This ensures they are not messing with your database.
Make sure you have CSRF tokens, or some URL redirection/DNS config would make orders of affiliates end up on the main shop.
If you feel like it, browse the web server logs to see what happened (might be time-consuming).
Provide the people you ask for help with your system configuration, e.g. web server, server-side scripting language, database server, operating system, etc.
If it is a 1-in-1000 problem, then there are two general kinds of triggers for that:
Some particular customers with a particular system setup / clicking habits cause it.
You have concurrency problems in your code (database transactions?)
Hope it helped
