[Reevo]

Quote:

Originally Posted by CarlitoBrigante

1 - two different domains need the same user authentication. They are mywebsite1.com and mywebsite2.com.
2 - I have another website, named mynetwork.com. I create virtual subdomains web1.mynetwork.com and web2.mynetwork.com, redirecting respectively to mywebsite1.com and mywebsite2.com.
3 - Now, if I try to set a cookie from mywebsite1.com for *.mynetwork.com, would it work on both websites?

If you had all the forums installed as subdomains, I think I'm correct in saying that you could share the cookies across them, but it's possible that the login script would need to sit on the main domain.

For instance, I think example.com can create cookies which are accessible by *.example.com (site1.example.com, site2.example.com, etc..) but site1.example.com cannot create cookies for site2.example.com.

Therefore, the best way I can see of doing this is to create a master login script on example.com, then modify all forums to redirect to this script when a login is required. Obviously this doesn't address the shared user database issues you may encounter.

Quote:

Originally Posted by CarlitoBrigante

Had another idea... but maybe it's not doable.

What if I include an image in all my websites coming from the same forum's domain. Let's say I have mywebsite2.com and in it I put something like

include("http://mywebsite1.com/printimage.php");

This script will print an image AND will set a cookie for mywebsite2 when the user login in mywebsite2...

I think you're confusing a few techniques here. A way round the multi-site login problem could be to create a login script which can accept the username and password as GET info (part of the URL string) rather than POST info, and put this on each site. Then, in the login handler template, you'd have something along the lines of:

Code:

<?

echo '<img src="http://www.site1.com/login_image.php?username=' . $_POST['username'] . '&password=' . $_POST['password'] . '" />';

?>

Without testing this, I couldn't say if this poses any security risks, but I would favour the master login script method I mentioned above.

Something worth remembering is that if you use PHP to include a file from an external webserver, it will make an HTTP request for that file, which means the file will be executed by PHP on the other server in the same way it would be if you were browsing to it - the diffence is that the "browser" in this case will be your webserver, and not the user, thus any cookies that are set will not go to the user's browser. Also, your server will only see the results of the script after it has been executed on the other server, so will not have access to any of the functions defined within that file.

Hope this all makes sense, and helps

Paul.