PHP sessions using cross domain form processor

Question

I have a download page on my site. In order to reach it you have to fill out a form, unfortunately due to legacy coding beyond my control the form is processed via a script on another domain (where our crm lives).

I am having trouble passing the session value that is added when you successfully submit the form to the download page. Again, the user fills out a form, form is processed and the session value added and they should be returned to the download page.

The download page should be inacessible in any other situation. Don't want people bypassing the form and going straight to the download.

processor script code

<?PHP
  session_start();
  //lots of database stuff

  //successful insertion to database
  if (($row = mysql_fetch_assoc($result)))
    {
        $redirect .= '?sessionid=xvyXXXXX';
        header("Location: http://" . $redirect);
    }
?>

software download page code

<?php
$code = $_GET['sessionid'];

if(strcmp( $code , 'xvyXXXXX'  ) != 0) {
    header("Location: http://kinetick.com/V3/download-registration.php");
} else {
       header("Location: http://kinetick.com/V3/download-software.php");
}
?>

I can't get this to work. Is there another way taking into account the processor script is on another domain? currently when I remove the if/else and put a print its showing an empty array. Need some help big time! thx all

Answer 1

header("Location: http://" . $redirect);

this line will eventually look like this...

http://?sessionid=1234xxx

missing something?

yes

should be http://domain.com/somepage.php?sessionid=1234xxx

... I would rather check out the curl library as this will hide the session id and user would never know what session id was passed to that website unless they have read this post :)