roopurt18 Posted July 20, 2008 Share Posted July 20, 2008 Say a business partnership is made between the makers of Product A and Product B. Each product has its own authentication system. What's the best to log a user into both systems when they log into either product? Quote Link to comment Share on other sites More sharing options...
corbin Posted July 20, 2008 Share Posted July 20, 2008 Are they on the same host? Edit: Oh, based on the title their not. But, still asking, just in case. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted July 21, 2008 Author Share Posted July 21, 2008 No, they're not. Quote Link to comment Share on other sites More sharing options...
tibberous Posted July 21, 2008 Share Posted July 21, 2008 That really depends on how the systems are setup currently. You could make a new table and keep two copies of it, one on each server. When a user logged in on either system, the server could send a request to the other server to let it know to store a new session record, and the session records could be stored in cookies because they'll expire. So, lets say I log in at Site A. Site A adds me to it's session table, it stores my user id, a timestamp, and a huge hash. Then, it sends all that data to Site B, which makes an identical record. It also stores the hash as a cookie on my computer. Now, whenever I go to either site, it just checks to make sure I have a valid hash, and if I do, I'm logged in. The easiest way to do the server to server communication is probably http requests, that way you don't need anything except Apache (ie: no persistently running socket apps) I think you can use file_get_contents to send get parameters in the URL, but if you want something a lot more robust, Manuel Lemos wrote a CURL alternative that handles get, post and even file transfers. Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted July 21, 2008 Share Posted July 21, 2008 It also stores the hash as a cookie on my computer Isn't this where that all falls down? You wouldn't be able to set the cookie for the second site. I'm struggling to see a way around that to be honest. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted July 21, 2008 Author Share Posted July 21, 2008 I guess site A could embed and iframe pointing to a URL on site B; the URL has any info needed in it and site B sets the cookie. Terribly insecure though. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted July 21, 2008 Share Posted July 21, 2008 1 Database, mysql can login to remote databases. Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted July 21, 2008 Share Posted July 21, 2008 1 Database, mysql can login to remote databases. You still have the problem with the cookies. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted July 21, 2008 Author Share Posted July 21, 2008 I think I know how this can be done, but I don't like it. User logs into site A and authenticates as normal. In addition, site A generates a unique hash and sends it to site B along with the user it belongs to. Site B stores the hash. In the final output, include an img-tag that points to a script on site B; this script must accept the unique hash generated previously. The browser will try and load the image and hit the script on site B, which can compare the provided hash to its database. If the hash is found in the database, site B also starts a session and stores info for the user being logged in. Then site A can link to site B normally and site B should pick up that the user is logged in. It's messy and I really don't want to implement it though. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.