From: Daniel Kolbo > Daniel Brown wrote: >> On Sun, Jul 12, 2009 at 12:37, Daniel Kolbo<kolb0...@umn.edu> wrote: >>> Hello, >>> >>> How does one continue a php session on a different domain (domain B) >>> than the domain (domain A) that started the session? >> >> Simple answer: you don't. >> > > Thanks for the responses. > > Re: Simple answer > I thought of another example. My bank's website. I sign-in and > authenticate with "bank.com". Then, i click credit card from bank.com > and i'm redirected to "creditcard.com" without me having to reinput > user/pass. They clearly do it (granted they have a lot more resources > then I do, but i'd still like to know how they are doing it).
My bank also does this, but it only works if Javascript is enabled when I first log in. Otherwise the initial login fails and I do it again on the second site. I haven't actually looked at the page sources to see what they do. But I have NoScript configured to block all JS by default so the initial login attempt always fails. It also reports blocked XSS attempts on both pages. So whatever they are doing does not appear to be very safe. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
