How do I pass PHP session data from one Apache virtual host to another? I am currently running Apache 2.2.17 and PHP 5.3.3 and I’ve set up one host to manage a single sign-on application and I need to pass this to two other virtual hosts that are running separate applications. This is something I intend to develop further, but for now passing session data would be the easiest.
Currently this code creates the first session in the SSO subdomain auth.domain.com and then passes the user back to the application interface app.domain.com (has been trimmed):
$user = new User;
$user->set_user_session();
Header(“Location: $redirectURL”);
exit;The server is entirely managed privately so multi-user security isn’t a worry. However, if anyone sees any security issues beyond that please let me know. If you know of a better methodology please share and I will research it further. I appreciate the help.
……………………………………..
As far as I’m aware, PHP sessions are not (by default) virtual-host aware: you would need to pass the session ID as part of the redirect and then set it in the other virtual host. So something like:
$sessionid = session_id();
Header(“Location: $redirectURL?session=$sessionid”);
exit;And then in the target of the redirect:
session_id($_GET['session']);
session_start();Try that and let me know how it works.