sendsessionid.php
<?php
require_once("cookie.php");
$next = false;
$idx = isset($_GET['idx'])?(int)$_GET['idx']:0;
$d = $domains[$idx];
if ($_GET['key'] == $signedsessionkey) {
session_id($_GET['sessionid']);
error_log("starting session in $d");
session_start();
} else {
error_log("NOT starting session in $d");
}
if (!isset($domains[$idx+1])) {
error_log("all done");
header('Location: '.$_GET['orig']);
} else {
header('Location: http://'.$domains[$idx+1].'/sendsessionid.php?orig='.urlencode($_GET['orig']).'&sessionid='.urlencode($_GET['sessionid']).'&key='.urlencode($_GET['key'])."&idx=".($idx+1));
}
exit;
?>
cookie.php
<?
$secretkey = "blah blah";
$domains = array("neocrat.com","nonstatic.com");
sort($domains);
$signedsessionkey = !isset($_GET['sessionid'])?"":md5($_GET['sessionid'].$secretkey);
?>
setcookies.php
<?
require_once("cookie.php");
session_start();
header("Location: http://".$domains[0]."/sendsessionid.php?orig=".urlencode($_SERVER['SERVER_NAME'])."&sessionid=".session_id()."&key=".md5(session_id().$secretkey));
exit;
?>