I made an error in my explanation (below). The reason you don't want to include the query string separator character in your variable is to allow flexibility with the types of URLs you can easily integrate this in with. My example should have looked like this:
<a href="http://www.site3.com/?<? echo $next_query_string; ?>">Site 3</a> The same conditional logic can be used. This allows for URLs that already have a query string to be addressed as follows: <a href="http://www.site3.com/index.php?task=incoming&;<? echo $next_query_string; ?>">Site 3</a> Happy hacking. Chris Chris Shiflett wrote: > Stefen, > > There is no built-in way to do what you are speaking about here (that > I know of), but there is a pretty easy technique. However, even this > requires a lot of work to integrate into your existing code, but it > will ease all future additions and maintenance. > > Keep a variable called something like $next_query_string (so you don't > confuse it with the current one - you can just use $query or something > if you prefer brevity), and keep up with any and all variables that > you may need to include in all of your external links to other > affiliated sites. > > For example: > > $next_query_string="sid=1234567"; > > For all links where you're wanting to include the session ID in the > URL, build them as follows: > > <a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> > > I'm sure this seems like just as much work, but once in place, your > development will be much easier. > > This will also allow you to add conditional logic to which sites > receive the "special sauce" in their URL. :-) > > if (in_array("www.site3.com", $hosts_allow)) > { > ?> > <a href="http://www.site3.com/<? echo $next_query_string; ?>">Site 3</a> > <? > } > else > { > ?> > <a href="http://www.site3.com/";>Site 3</a> > <? > } > > This will also allow you to make global changes to how you handle this > cross-domain session management. I wrote an extensive CDSM > specification for the USPS to use (if you ever notice, many of their > "services" are not in the usps.com domain) that leverages the HTTP > protocol to maintain *some* security. I would recommend that you also > consider passing additional information on the URL that is, for > example, some encrypted information about the client that would at > least be somewhat challenging to spoof. This would make it more > difficult for someone to impersonate your user, since more than just > the session ID on the URL would be necessary. How secure you want to > make this needs to be balanced with your performance requirements, of > course, because checks do take time. > > Just a suggestion. > > Happy hacking. > > Chris > > Stefen Lars wrote: > >> Hello all fellow-hackers >> >> I am working on a project that includes a number of web sites, which >> are grouped together into one network. Kind of like the 'OSDN' >> network, of which Slashdot.org, for example, is a member. > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
