close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Can a user session be transferred from one domain to another?

Thread began 6/24/2014 10:51 am by mora398588 | Last modified 7/18/2014 10:12 am by Jason Byrnes | 4041 views | 14 replies |

mora398588

Can a user session be transferred from one domain to another?

I am facing the reality of having to remove our training site pages from our current domain into a new separate, distinct domain (website) with a different URL. I have created user sessions in our current site which allows our users seamless access to our dynamic pages where they can enroll in our workshops, and access other secured pages.

Is is possible to transfer a user session from our current domain to our new training website (domain) without having the user to log out from one domain and sign in on the other?

Could cookies or javascript be used to transfer the user session?

Thank you.

Sign in to reply to this post

Jason ByrnesWebAssist

use a form post to transfer from one domain to another.

for each session variable, create a hidden form element that uses the session as the value.

on the page that the form posts to, use the set session value to set each session variable using the form post.

Sign in to reply to this post

mora398588

Here is the form post I have come up with:

<form id="form" method="post" action="http://www.mycorpu.org/index.php">
<input name="UserID" type="hidden" value="<?php echo $_SESSION['UserID']; ?>">
<a onclick="form.submit();">Corporate University </a>
</form>

As you can see, I am using the UserID session variable to pass the user session over to the other domain. However, I am uncertain if just passing the UserID session variable is sufficient to pass the user session. As you may recall from my original post, I would like the user (once logged in) to seamlessly transfer from the domain they are signed into to the other domain (mycorpu.org) without having to resign in.

You stated in your previous post that on the page the form posts to, I would need to use the set session value to set each session variable using the form post. On the page where the form is supposed to post to, I used the eCart set session value and here is what I came up with:

<?php
if (!session_id()) session_start();
if((isset($_GET['UserID']) && $_GET['UserID'] != "")) {
$_SESSION["UserID"] = "???";
}
?>

As you can see above, I placed (???) in the value area. I am uncertain as to what goes here. Am I to insert the actual User Session Variable in the value field?

Sign in to reply to this post

Jason ByrnesWebAssist

your form is using the POST method, so the code for the trigger:
if((isset($_GET['UserID']) && $_GET['UserID'] != "")) {

will not work, it needs to use the post method also:
if((isset($_POST['UserID']) && $_POST['UserID'] != "")) {


the value you use for setting the session, is the form post value:

$_SESSION["UserID"] = $_POST['UserID'];

Sign in to reply to this post

mora398588

Thank you, Jason. I will give this a try, per your instructions.

Just a thought, if the user session is successfully passed onto the other domain, will the user be able to access content which has SA access rules applied to them? The other domain that the form posts to includes several pages where SA access rules have been applied - where a specific userLevel is required to access such content. In this case, the UserID that is being passed is associated with a recognized userLevel.

Sign in to reply to this post

Jason ByrnesWebAssist

as long as you pass all sessions that are needed, and use the same names, the security assist access rules should work.

Sign in to reply to this post

mora398588

The recommendations you provided worked out fine. I was able to successfully pass both the UserID and userLevel session variables over to the other domain. And, I was able to access pages where SA access rules appeared to apply.

However, I noticed a side affect that I did not anticipate. After I had passed the user session over to the other domain, I noticed that the profile information of the user could not be seen, such as the user's first or last name, email address, etc. I can only conclude that passing just the UserID session variable does not necessarily mean I can access the user profile contact data. When I attempted to access the user profile.php page, the page displayed a message that it could not find a profile.

Is my understanding correct?

Sign in to reply to this post

Jason ByrnesWebAssist

how is the recordset on the user profile page configured?

It probably uses another session that is not being passed. It sounds like there are other sessions you are using on the one domain that are not being passed to the other.

Sign in to reply to this post

mora398588

Here is how the records set is configured on the profile.php page:

<?php
$ParamUserID_WAATKusers = "-1";
if (isset($_SESSION['UserID'])) {
$ParamUserID_WAATKusers = (get_magic_quotes_gpc()) ? $_SESSION['UserID'] : addslashes($_SESSION['UserID']);
}
mysql_select_db($database_localhost, $localhost);
$query_WAATKusers = sprintf("SELECT users.*, Level FROM users INNER JOIN userlevels ON users.userLevel = userlevels.ID WHERE UserID = %s", GetSQLValueString($ParamUserID_WAATKusers, "-1"));
$WAATKusers = mysql_query($query_WAATKusers, $localhost) or die(mysql_error());
$row_WAATKusers = mysql_fetch_assoc($WAATKusers);
$totalRows_WAATKusers = mysql_num_rows($WAATKusers);
?>

Here is what the current domain is passing over to the other:

<form id="form" method="post" action="http://www.mycorpu.org/index.php">
<input name="UserID" type="hidden" value="<?php echo $_SESSION['UserID']; ?>">
<input name="userLevel" type="hidden" value="<?php echo $_SESSION['userLevel']; ?>">
<a onClick="form.submit();">Corporate University </a>
</form>

Other than the userLevel and UserID, there are no other sessions (supposedly) being passed.
When I stated in my other post that I was able to successfully pass the variables over, I noticed that (at least) the userLevel session was passing, since I was able to access content secured by SA. The shopping cart was also able to recognize the userLevel session, as it applied the correct discounts and passed me to PayPal without login. It is possible that the UserID session may not be passing over, since it appears I could not see the user profile data.

Thoughts?

Sign in to reply to this post

Jason ByrnesWebAssist

on the profile, add the following code at line 1:

<?php @session_start(); ?>



then in the body add this code for troubleshooting:

<pre><?php var_dump($_SESSION); ?></pre>
<?php echo($query_WAATKusers); ?>
Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...