Home/ Questions/Q 6138289
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T17:51:13+00:00

Hi thanks in advance… I am Working on a Project, I need some clarification

  • 0

Hi thanks in advance…
I am Working on a Project, I need some clarification to share data between two sites in a high secure manner. Currently I am using Form Post to share data. But I think about if there is an option to get site-1 session-data from site-2, because I think using a session is more secure. I don’t know how to use a sessions between two sites, but I hope someone here will know.

Like this:
Site 1 Coding 

$_SESSION['customer_id'] = 'XYZ';  
$_SESSION['total_amount'] = '100';  

<a href=https://site2.com/do.php?session_id=<?=$_SESSION['session_id']?>>Click Here</a>

Site 2 Code in do.php 

$session_id = $_REQUEST['session_id'];  
$shared_data = bla_bla_bla_function($session_id);  

$customer_id = $shared_data['customer_id'];  
$total_amount = $shared_data['total_amount'];

or is there any way to do the secure data sharing between two website other than form post, please tell me.
Thank you
Yours,
Kaartikeyan R

Found Solution

I have send the Customer ID and Amount via CURL to the Second Website, in that create a Record in Table for this and generate Encrypted ID with the Record ID, and return the encrypted ID.

So in the First website i get the Encrypted ID, and use it on URL redirection to Second website.

On the Second Website with the Encrypted ID i get the Customer ID and Amount.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Urk. First off, never, EVER do this:

    $session_id = $_REQUEST['session_id'];

    This causes a security truck-hole we refer to as ‘session fixation’ ( read more: http://en.wikipedia.org/wiki/Session_fixation ).

    It seems you’re pretty heavy on security. If you need to share data from site 1 to site 2, you should do it through a single consumption bridge:

    1). Click on a link on Site 1 to a handler file, let’s call it redir.php.

    2). Redir.php first checks the existing session data.

    3). Redir.php writes relevant info into a DB row, along with some sort of identifier (say, an MD5 hash of the user ID + ‘_’+ current time), plus a ‘consumed’ flag, set false.

    4). Redir.php does a 301 redirect to Site 2, along with the identifier.

    5). Site 2 reads the relevant row out of the DB.

    6). If the data is good and has not yet been ‘consumed’, return a success and mark the data as consumed.

    7). If the data has been consumed, throw some sort of error.

    There are more complex ways of doing this, but I think this handles what you’re trying to do.

    • 0