Hi thanks in advance...
I am Working on a Project, I need some clarification to share data between two sites in a high secure manner. Currently I am using Form Post to share data. But I think about if there is an option to get site-1 session-data from site-2, because I think using a session is more secure. I don't know how to use a sessions between two sites, but I hope someone here will know.
Like this:
Site 1 Coding
$_SESSION['customer_id'] = 'XYZ';
$_SESSION['total_amount'] = '100';
<a href=https://site2.com/do.php?session_id=<?=$_SESSION['session_id']?>>Click Here</a>
Site 2 Code in do.php
$session_id = $_REQUEST['session_id'];
$shared_data = bla_bla_bla_function($session_id);
$customer_id = $shared_data['customer_id'];
$total_amount = $shared_data['total_amount'];
or is there any way to do the secure data sharing between two website other than form post, please tell me.
Thank you
Yours,
Kaartikeyan R
Found Solution
I have send the Customer ID and Amount via CURL to the Second Website, in that create a Record in Table for this and generate Encrypted ID with the Record ID, and return the encrypted ID.
So in the First website i get the Encrypted ID, and use it on URL redirection to Second website.
On the Second Website with the Encrypted ID i get the Customer ID and Amount.
Urk. First off, never, EVER do this:
$session_id = $_REQUEST['session_id'];
This causes a security truck-hole we refer to as 'session fixation' ( read more: http://en.wikipedia.org/wiki/Session_fixation ).
It seems you're pretty heavy on security. If you need to share data from site 1 to site 2, you should do it through a single consumption bridge:
1). Click on a link on Site 1 to a handler file, let's call it redir.php.
2). Redir.php first checks the existing session data.
3). Redir.php writes relevant info into a DB row, along with some sort of identifier (say, an MD5 hash of the user ID + '_'+ current time), plus a 'consumed' flag, set false.
4). Redir.php does a 301 redirect to Site 2, along with the identifier.
5). Site 2 reads the relevant row out of the DB.
6). If the data is good and has not yet been 'consumed', return a success and mark the data as consumed.
7). If the data has been consumed, throw some sort of error.
There are more complex ways of doing this, but I think this handles what you're trying to do.
you could use a common session backend for both sites, eg. store the session in a database
to replace the built-in file backend you can use the function session_set_save_handler
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With