brick Posted November 10, 2008 Share Posted November 10, 2008 Hi All, The title may not make very clear what I am trying to achieve, so I'll try and explain it better now. I have 2 sites. I want to call the login service on site 2 from site 1 using cURL; the URI for site 2 looks like this (and is called via cURL on site 1): http://secondsitedomain.com/remote?username=admin&password=admin This, I was hoping, would log the user into site 2 from site 1 - then show site 2 in an iFrame inside of site 1. However, it doesn't appear to create the logged in session on site 2 when I call that URI via cURL. So, my question is, does a call like the URI above not create the session locally when called via cURL? Of course it works as expected if the URI is put directly into the browser address bar! Just not when called via cURL. Any pointers muchly appreciated, Brick... Quote Link to comment https://forums.phpfreaks.com/topic/132120-using-curl-to-start-remote-site-session/ Share on other sites More sharing options...
JonnoTheDev Posted November 10, 2008 Share Posted November 10, 2008 Do you have the following options set: curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookie.txt'); Quote Link to comment https://forums.phpfreaks.com/topic/132120-using-curl-to-start-remote-site-session/#findComment-686666 Share on other sites More sharing options...
rhodesa Posted November 10, 2008 Share Posted November 10, 2008 No, using CURL starts a session for the server calling it, not the users browser Quote Link to comment https://forums.phpfreaks.com/topic/132120-using-curl-to-start-remote-site-session/#findComment-686668 Share on other sites More sharing options...
rhodesa Posted November 10, 2008 Share Posted November 10, 2008 if you have control over the second sites authentication methods, you could try this: Use cURL to access http://secondsitedomain.com/remote?username=admin&password=admin and have that (if successful) generate a unique key, using something like: md5(rand()) store that value on the second server, and then return print it on the page (so the first server gets it as the return value of the cURL request). then, forward the user to the second server like this: http://secondsitedomain.com/auth.php?key=<put the key from above here> have the second server look up the key, and allow the person in if it matches. On the second server, make sure this unique key expires shortly after creation (10 seconds should be plenty...30 seconds if you want to be safe) Quote Link to comment https://forums.phpfreaks.com/topic/132120-using-curl-to-start-remote-site-session/#findComment-686686 Share on other sites More sharing options...
brick Posted November 17, 2008 Author Share Posted November 17, 2008 Thanks rhodesa, I took the unique key that expires route and it works a treat. I guess the more thorough approach would be the replication of session between the server making the cURL call and the client. Maybe I can investigate this if we have time later down the road. Thanks again for your feedback. Brick... Quote Link to comment https://forums.phpfreaks.com/topic/132120-using-curl-to-start-remote-site-session/#findComment-691951 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.