Stefen, There is no built-in way to do what you are speaking about here (that I know of), but there is a pretty easy technique. However, even this requires a lot of work to integrate into your existing code, but it will ease all future additions and maintenance.
Keep a variable called something like $next_query_string (so you don't confuse it with the current one - you can just use $query or something if you prefer brevity), and keep up with any and all variables that you may need to include in all of your external links to other affiliated sites. For example: $next_query_string="sid=1234567"; For all links where you're wanting to include the session ID in the URL, build them as follows: <a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> I'm sure this seems like just as much work, but once in place, your development will be much easier. This will also allow you to add conditional logic to which sites receive the "special sauce" in their URL. :-) if (in_array("www.site3.com", $hosts_allow)) { ?> <a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> <? } else { ?> <a href="http://www.site3.com/";>Site 3</a> <? } This will also allow you to make global changes to how you handle this cross-domain session management. I wrote an extensive CDSM specification for the USPS to use (if you ever notice, many of their "services" are not in the usps.com domain) that leverages the HTTP protocol to maintain *some* security. I would recommend that you also consider passing additional information on the URL that is, for example, some encrypted information about the client that would at least be somewhat challenging to spoof. This would make it more difficult for someone to impersonate your user, since more than just the session ID on the URL would be necessary. How secure you want to make this needs to be balanced with your performance requirements, of course, because checks do take time. Just a suggestion. Happy hacking. Chris Stefen Lars wrote: > Hello all fellow-hackers > > I am working on a project that includes a number of web sites, which > are grouped together into one network. Kind of like the 'OSDN' > network, of which Slashdot.org, for example, is a member. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
