Cross domains sessions - shared shopping cart cross domains


You can use a third domain to identify your customers over all domains.

Use for example a PHP File on http://thirdDomain.com/session.php that is included on all pages on both shops.

Sample:

<script type="text/javascript" src="http://thirdDomain.com/session.php"></script>

After your customer switches domains, you can identify him as the same customer using the third domain.

You can assign the session id on both shops to the session id on the third domain to access the cart on both shops. You only need to inform the third domain about your shop sessions (i.e. add them as parameter).

Depending on how flexible you are with your code and templates, you can even use an output from the third domain to define the session id in your shops. This way you can use the same session id on all domains. But normally a session id assignment should be the more secure way.

Using the javascript version you can also output scripts that may add a session id to all outgoing links and forms to the other domain in the current html page. This might be interesting if you can identify your customer as having cookies blocked. You can also use the javascript to inform the parent document about an existing session.


This keeps getting asked.

Have a search for SSO.

You need to pass the session id in the URL (or via a POST) across the domains, then:

1) check the session does not already exist on the target domain

2) rebind the session using the session id sent

e.g.

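    // Adopt the passed id only when this domain has no session cookie yet
    // and the id belongs to a live session.
    if (empty($_COOKIE[session_name()]) && !empty($_GET['passed_id'])) {
        if (check_session_exists($_GET['passed_id'])) {
            session_id($_GET['passed_id']);
        }
    }
    session_start();
    ...
    function check_session_exists($id)
    {
        // Accept only characters PHP uses in session ids, so the value
        // cannot change which file is looked up.
        if (!is_string($id) || !preg_match('/^[A-Za-z0-9,-]+$/', $id)) {
            return false;
        }
        // The default "files" handler stores each session as sess_<id>.
        $path = rtrim(session_save_path(), '/') . '/sess_' . $id;
        // session.gc_maxlifetime is in seconds; session_cache_expire() returns minutes.
        $maxAge = (int) ini_get('session.gc_maxlifetime');
        return file_exists($path) && (time() - filemtime($path) < $maxAge);
    }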

This also means you need to add '?passed_id=' . urlencode(session_id()) to any URL pointing to the other domain.

C.


The schema is quite simple and widely used, by Google for its numerous services, for example. You can get the whole picture by tracking the HTTP interchange between your browser and various Google services.

Suppose we have our client authorized for the 1st domain. By getting to the second, we have to:

  1. start a session and store some token in it.
  2. ask browser to request 1st domain somehow and send this token along.
  3. 1st domain will recognize our client and make a connection in the shared database between this token and user id.
  4. By requesting the second domain again, we will have it authorized for its already started session.

The only question that remains is how to request the 1st domain. It can be a picture, a JS request or an entire page redirect. The choice is up to you.
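
The four steps above as an added PHP example (not part of the original answer), with arrays standing in for the shared database and for each domain's $_SESSION. It goes one step further than the answer: the 1st domain returns a one-time code on the redirect back, so only the browser that actually visited the 1st domain can complete the link. All function names and the 60-second lifetime are assumptions.

```php
<?php
// Added example: $shared stands in for the shared database, and each
// $session array for one domain's $_SESSION. All names are constructed.
const HANDOFF_TTL = 60; // seconds a code stays valid (assumed value)

// Step 1 (2nd domain): start a session and store a random token in it.
function begin_handoff(array &$session): string
{
    return $session['handoff_token'] = bin2hex(random_bytes(32));
}

// Steps 2-3 (1st domain): the browser arrives carrying the token. If this
// visitor is logged in here, link token and user id in the shared store and
// return a one-time code for the redirect back to the 2nd domain.
function issue_code(array &$shared, array $session, string $token, int $now): ?string
{
    if (!isset($session['user_id']) || !preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;
    }
    $code = bin2hex(random_bytes(32));
    $shared[hash('sha256', $code)] = [
        'user_id' => $session['user_id'],
        'token'   => $token,
        'expires' => $now + HANDOFF_TTL,
    ];
    return $code;
}

// Step 4 (2nd domain): redeem the code once, and only for the session that
// holds the matching token.
function complete_handoff(array &$shared, array &$session, string $code, int $now): ?int
{
    $token = $session['handoff_token'] ?? '';
    unset($session['handoff_token']);
    $key = hash('sha256', $code);
    $row = $shared[$key] ?? null;
    unset($shared[$key]); // single use, even when the checks below fail
    if ($row === null || $row['expires'] < $now || !hash_equals($row['token'], $token)) {
        return null;
    }
    // In a live handler, call session_regenerate_id(true) before this line.
    return $session['user_id'] = $row['user_id'];
}

// Constructed walk-through: visitor is logged in on shop 1, new on shop 2.
$shared = []; $shop1 = ['user_id' => 42]; $shop2 = []; $now = time();
$code = issue_code($shared, $shop1, begin_handoff($shop2), $now);
var_dump(complete_handoff($shared, $shop2, $code, $now)); // first use
var_dump(complete_handoff($shared, $shop2, $code, $now)); // same code again
```

Neither domain's session id appears in a URL in this flow; only the short-lived token and code do.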