Jump to content

Obsolete:Multi domain cookies

From Wikitech
Note: This page was created as a temporary pastebin and probably doesn't make any sense without its proper context

sendsessionid.php

<?php
require_once("cookie.php");

$next = false;

$idx = isset($_GET['idx'])?(int)$_GET['idx']:0;

$d = $domains[$idx];
if ($_GET['key'] == $signedsessionkey) {
    session_id($_GET['sessionid']);
    error_log("starting session in $d");
    session_start();
} else {
    error_log("NOT starting session in $d");
}
if (!isset($domains[$idx+1])) {
    error_log("all done");
    header('Location: '.$_GET['orig']);
} else {
    header('Location: http://'.$domains[$idx+1].'/sendsessionid.php?orig='.urlencode($_GET['orig']).'&sessionid='.urlencode($_GET['sessionid']).'&key='.urlencode($_GET['key'])."&idx=".($idx+1));
}

exit;
?>

cookie.php

<?
$secretkey = "blah blah";

$domains = array("neocrat.com","nonstatic.com");
sort($domains);

$signedsessionkey = !isset($_GET['sessionid'])?"":md5($_GET['sessionid'].$secretkey);
?>

setcookies.php

<?
require_once("cookie.php");

session_start();
header("Location: http://".$domains[0]."/sendsessionid.php?orig=".urlencode($_SERVER['SERVER_NAME'])."&sessionid=".session_id()."&key=".md5(session_id().$secretkey));
exit;

?>