Hey guys,

Is it possible to share sessions across multi domains if they're all hosted on the same machine? I've seen conflicting answers all over the web and this forum, but I can't seem to find if it's actually possible, and how to do it.

Anyone have experience doing this? I'd like to allow our users to be able to login at one domain, and have that user sessions saved when they go to visit our other domains on the same machine.

Let me know! And I appreciate your time.

Jon

Yes, this is possible--I've done it in several instances in J2EE projects I've worked on, but the principles should apply to any language/framework. How you go about this is a function of whether you are using cookies or URL rewriting, if you a persisting sessions to a permanent session store (file-based, database-based, etc.), if these domains are all being served from the same app server handling the sessions or if they are being served from different app servers, etc. There will probably be a small performance penalty, but it should be fairly negligible depending on the session size. How do you currently have your architecture set up?

Anyone have experience doing this? I'd like to allow our users to be able to login at one domain, and have that user sessions saved when they go to visit our other domains on the same machine.

This sounds more like SSO (Single Sign On) than sessions across applications (two things that are very different).

So, if you want to use SSO for your multiple applications -- the end result is that a authenticated against one application, and his credentials are trusted across others -- then I can suggest JBoss SSO (http://www.jboss.org/jbosssso/). You might also want to explore getting up your own OpenID provider for your apps and just replace your current auth framework with openid.

Depending on what constitutes your 'session', you may need something more than that; but most of the time people generally mean 'SSO' when they say 'sharing sessions'.

It's simpler than that really, and I can provide a basic example via PHP/MySQL which seems to be the popular topic here. You can even stretch the example to create distributed sessions, so that they can be shared even if on different machines automagically by connecting to remote MySQL databases.

Take a look at this fn:
http://ca.php.net/manual/en/function.session-set-save-handler.php

The only restriction to unified sessions is that of filesharing, but if you have a shared session handler that pools the session data for each domain from a same database, then voila, the work is done. Yes, it's that simple :)

You'd just have to:
1. Create a custom session save handler
2. Set it as your session handler using the function above
3. Connect to the same session database on all sites (used by #2 above)

Hope this jogs some ideas. I bet if you google for:

session_set_save_handler +MySQL

you will find some good results if LAMP is what you were seeking.

GL
Alex