I have done a redirection fro开发者_运维问答m www.abc.com
to www.def.com
using .htaccess
.
The redirection is successfull but I have a problem whereby the cookies and session can only be accessed when I access the website using def.com
.
The session will be missing when it is checked from abc.com.
How to copy or read the session at def.com
?
Please Help me.
well you can't do it simply. Maybe see this post ?
Your cookie containing your session id (and therefore, your entire session) is only valid on the domain where it is created. So when you change domains, the cookie is no longer available. To work around this, you could send the session ID to the new domain (which is not very safe, but you might not care), and then creating a new cookie and session for that domain.
This is called "cross site scripting" (XSS) and a lot of people work very hard to make sure that what you want isn't possible. If you do find a way to do it, be sure to let us know, because that would be a MAJOR security breach.
You can only share the same session on both domains when you have access to the session data storage from both servers. Depending on the session data storage type and location, you might need to write your own session storage handler.
Besides that, you also need to make sure that the same session ID is used on both domains. If you want to use cookies for the session ID, you can only do it when your domains share a common super-domain, so they are sub-domains of the a domain like foo.example.com and bar.example.com share the super-domain example.com. In that case you need to adjust the session cookie parameter domain and set it to value .example.com
for the super-domain example.com.
Otherwise, like in your example where the domains do only share com as a top level super domain, you can’t use cookies (in the first place). But you can use the URL to transfer the session ID from one domain to the other domain. To do that you need to enable session.use_trans_sid and disable session.use_only_cookies (both at least on the redirection target domain) and append the session ID to every URL pointing from one domain to the other (here you can use the SID
constant).
精彩评论