开发者

How do I pass session variables from one domain to another in PHP

I have encountered a situation where I need to pass $_SESSION variables from one domain to an iFrame page from another domain. I have spent the last 16 days trying various methods to no avail. I think that the only logical way would be to encode the variables in the url that calls the iFrame and decode them in th iFrame page. I am not sure how to go about this and I am looking for any samples, assistance etc that I can find.

Thanks for any and all suggestions.

Here is an example of what I am trying to do...

Example:

<!-- Note only using hidden as I didn't want to build the form at test phase-->
<form name="test" method="post" action="iframe_test.php">
<input type="submit" name="Submit" />
<input type="hidden" name="fName" value="abc" />
<input type="hidden" name="lName" value="def" />
<input type="hidden" name="address1" value="ghi" />
<input type="hidden" name="address2" value="jkl" />
<input type="hidden" name="country" value="mno" />
<input type="hidden" name="postal_code" value="pqr" />
<input type="hidden" name="city" value="stu" />
<input type="hidden" name="retUrl" value="vwx">
<input type="hidden" name="decUrl" value="yz">

So from here I am hitting the iframe_test.php and doing the following: PHP Code: function StripSpecChar($val) { return (preg_replace('/[^a-zA-Z0-9" "-.@:/_]/','', $val)); }

foreach ($_POST as $key => $val) { 
$_SESSION[$key] = StripSpecChar($val);   
} 

and I get a session array that looks like this: Code:

Array
(
    [fName] => abc
    [lName] => def
    [address1] => ghi
    [address2] => jkl
    [country] => mno
    [postal_code] => pqr
    [city] => stu
    [retUrl] => vwx
    [decUrl] => yz
)

Still all g开发者_如何转开发ood so far....call the iFrame

Code:

<body>
Some page stuff here

<div align="center"><span class="style1"><strong>This is the iFrame Page</strong></span>
</div>
<div align="center">
<iframe src="https://www.other_domain.org/iframe/reserve.php" width="500" height="350" frameBorder="0"></iframe>
</div>

</body>

So HOW do I take...

$_SESSION['fName']['abc']; 
$_SESSION['lName']['def']; 
$_SESSION['address1']['ghi']; 
$_SESSION['address2']['jkl']; 
$_SESSION['country']['mno']; 
$_SESSION['postal_code']['pqr']; 
$_SESSION['city']['stu']; 
$_SESSION['retUrl']['vwx']; 
$_SESSION['decUrl']['yz']; 

and turn it into the encoded url that I am looking for? Further once that is done how to I get the session vars back as session vars on that new domain iFrame page...


Serialize the sessiondata array and send it as a parameter and then deserialize it http://www.php.net/manual/en/function.serialize.php


Use serialize() and then base64_encode() to pass the data without corrupting it and (mostly) maintaining its structure.

It's not a good practice, because then anyone who figures out how it works can inject arbitrary data, but if that's what you want to do, it will work.


Why not just send the session id to the otehr domain (and assuming they can read the same session storage substrate) use that as the session id there, e.g.

<?php
// catch remote session id, validate and reassociate
if (md5($_GET['exported_sessid'], $shared_secret) == $_GET['check_hash']) {
      // (basic CSRF check
      session_id($_GET['exported_sessid']);
}
session_start();
....

C.


You can take an assoicative array and convert it to a query string with the function http_build_query

Note: the second array you posted is not the correct output of a session array.

On the receiving page/domain, just take the query string and place/sanitize the expected parameters into your $_SESSION array (or whatever you need to do with it).

This is safer than using something like serialize/unserialize as only arrays are being used.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜