CMS Made Simple Forums

Hello, I am trying to pass a session from one domain to the other in the realm of a multiple domain with one install... I'm posting here vises the mod board as I think it's more on the core side that the work need do be on... only think thou lol... so the set up is like this...

CMSMS 1.5.1
FEU 1.5.4
And 5 domains

the site lets say
domains.com
domains.biz
domains.net
domains.info
domains.org

are connected fully sharing everything in the respective domain… So your not doubling the content and you don’t get a Google SEO mishap… but if the user logs in to domains.com and then move to domains.net they are not “logged in” but when the move back they are still logged in there leaving the user with two sessions but only one “script” work these two.

So this is the thing I think would work... but not sure on how... “create a cookie” for all 5 at the same time? Like store it in the DB or Pass the value in post... this way they can move around with out logging in to all of them.

Right now the same name for the cookie is made for the client... lets say

CMSSESSID7f4680cc

no matter what domain you go to... but let say you are on domains.com... you get a value of lets say

4hudhi029c24kkjjn31d78t810

and on domains.biz... you get a value of lets say
91uef4l4nq5flqaa5ri19c89o3

but still the same name CMSSESSID7f4680cc... so... not sure how to do this but I was thinking that I could just pass the value for the user as they move from one domain to the other domain… I am thinking that as I’m assuming that the name of the cookie is unique to the user..? So then I can push it’s value to the DB, Or a UDT to pass it in a post as I have a “handle” to work with.


And I was thinking… that there could be a way to use $smarty.session.user or $smarty.session.opts??? Trying to gain the know how of the inner working of the core and FEU interaction for ths area has been my stumbling block… and google anit helping much...

Now I’m sure that there is a lot of work… I’m not expecting anyone to do it for me… I really just need to be pointed in the right direction and may-be a few hints on how…
Any help would be great… I’m sure that is long enough lol but I have more information at

http://www.experts-exchange.com/Web_Dev ... 23292.html

Im not going to post any code yet as this is long and nothing so far has been all that great and I'm still reading too… anyways… Thanks for the help…

Jeremy

I don't believe if you are going to try and go from one site to the other after having logged out of it you can, the new session IDs are made so this won't work...

I am thinking that
1.) since I can track the use moving thru the site?? I can bypass the auto generation of the session ID?? And give the use the same value??

or

2.)log the user out and back in on the new domain...

the thought is that since the user is in the db already... in table cms_module_feusers_loggedin

with rows
sessionid
lastused
userid

that I should be able to do this one way or another... I'm brainstorming I just think that if it can be done safely it'd be to cool to give up on...

thank you for the help…

jeremy

ok... So I have thought it out and this is the trick I think may work the best... lets see what ya think here...

so pass a session that is generated based on a hashed value of the of the two last locations of the user.  but since passing that through the post can be hijacked, that is used like a proof of address.  I'm going to think of this like getting a drivers license.  Now I can log the user out and in on the back side, so the user is only logged in to one domain at a time.  So the script would say, ok I see that you are moving from domain1  to domain2(as it does now), and the client say here is my history session (the hash of the last 2 urls may-be?).  At this point the server checks it to the history it has of the user and if it matches the path of the user being tracked then the user is logged  out from the first domain and in to the second...

I'm trying to triangulate the user I guess... this way I can skip the IP/Iframe solutions... so a combo of Option 3 and the power of the selective domain content relatively of my setup along with the server side user tracking...

I figure it'll need to be broken down like this... moving from page1/domain1 to page1/domain2...

1.) track the user from url to url... so I think that should be something I can do with Statistics may-be
2.) create a session that gets passed in the post but it's more of a piece so if it gets hijacked it'll do nothing because it wouldn't match the user information.
3.) log them out of FEU and then Log them back in under the new URL of the page the user moved to (which would be the new domain)


My thought is that this should still be secure in the fact that the user still get the sessions like they do now and the extra session is to confirm only the switch from domain1 to domain2, validating the logging out and in...

Let me know what you think... if you see a hole in there that I could/should improve on.

thank you for the help...