[SOLVED] Cross-domain access control

This topic is locked

[SOLVED] Cross-domain access control	10/11/2010 5:27:40 PM
PHPRunner General questions
O ofi author Is it possible to enable access only to visitors who first log into a site on another domain? I manage one site that is built on an inflexible CMS under the control of our hosting company and my company currently has no budget to revamp our site. So for stuff we need and don't want to involve the hosting company, I've created a second domain where I can install and run anything we want. Corporate politics... In this case, users would visit the main site at domain-1.com and log in. To access a particular database that I can't install there, they would click on a link at domain-1 and be taken to domain-2.com/database. Is it possible to restrict access to those users? Thanks.

Mark as Solved Mark as not solved

3 replies


	Sergey Kornilov admin 10/12/2010
	Here is an idea of how you can make it work. Add a special parameter to link to PHPRunner app i.e. http://server.com/menu.php?secret=1234567890 Add AfterAppInitialized event as follows: `if ($_REQUEST["secret"]) $_SESSION["secret"] = $_REQUEST["secret"]; if (!$_SESSION["secret"]) exit();` If someone will try to access this app directly it simply won't display anything.


O	ofi author 10/12/2010
	Thanks, Sergey. Similar to using the HTTP_REFERER variable, but not browser dependent. I like it.


	Sergey Kornilov admin 10/12/2010
	Some browsers do not populate HTTP_REFERER so this might be a better solution though it's not really that secure.

3 replies

Mark as Solved Reply