I'm developing an application that consists of several parts. The main website is written in PHP, but there are also several WebSocket servers that the user might need to connect to. The servers are written in C# and have no direct communication with the web server other than via sharing the same database.

 

Where should I start reading to come up with a way to have website logins also authenticate the user on the WebSocket servers? Since the WebSocket connections are all done in client-side JS, nothing it does can be trusted. For example, if I have a WebSocket chat server, I don't want the connecting users to have to re-login but I also don't want to rely on the JavaScript to, for example, say "Hey, my name is Fred". I'd rather have the web server somehow tell the chat server "Yep, he's logged in as Fred, all is good".

Why not just use the session data from the web server? Since you're already relying upon it to be secure, and the user needs to send a cookie to identify the session he's using, you already have all the pieces you need. ;)

Each request is independent of the last. The client has to send some sort of authorization token (session token) to the server, which can then verify it's legit with the database.
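The approach suggested in the replies, as an added sketch that is not code from any poster: the website stores a random session token in the shared database, and the WebSocket server resolves the cookie sent with the handshake to a username itself. It is written in Python with an in-memory SQLite database standing in for the PHP site, the C# server and their shared database; the `sessions` table, the `sid` cookie name and the `https://example.test` origin are assumptions, and it presumes the browser sends the site's cookie to the WebSocket host.

```python
import hashlib, secrets, sqlite3, time
from http.cookies import CookieError, SimpleCookie

COOKIE = "sid"                           # assumed session cookie name
ALLOWED_ORIGIN = "https://example.test"  # constructed site origin

def open_db():
    # In-memory stand-in for the database both servers share.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token_hash TEXT PRIMARY KEY,"
               " username TEXT NOT NULL, expires REAL NOT NULL)")
    return db

def _digest(token):
    # Store only a hash so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def web_login(db, username, ttl=3600, now=None):
    """Website side: call after the password check; returns the cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)    # unguessable random session token
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (_digest(token), username, now + ttl))
    return token

def ws_authenticate(db, headers, now=None):
    """WebSocket side: map the handshake headers to a username, or None."""
    now = time.time() if now is None else now
    # The WebSocket handshake is not bound by the same-origin policy,
    # so reject handshakes from any page origin other than our own site.
    if headers.get("Origin") != ALLOWED_ORIGIN:
        return None
    try:
        morsel = SimpleCookie(headers.get("Cookie", "")).get(COOKIE)
    except CookieError:
        return None
    if morsel is None:
        return None
    row = db.execute("SELECT username FROM sessions"
                     " WHERE token_hash = ? AND expires > ?",
                     (_digest(morsel.value), now)).fetchone()
    # The name comes from the database row, never from the client.
    return row[0] if row else None

if __name__ == "__main__":
    db = open_db()
    token = web_login(db, "fred")
    hdrs = {"Origin": ALLOWED_ORIGIN, "Cookie": f"{COOKIE}={token}"}
    print(ws_authenticate(db, hdrs))
```

Header names are assumed to be normalised to the capitalisation shown before `ws_authenticate` is called.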
