silvercover Posted October 19, 2012 Share Posted October 19, 2012 I have two seperate web app both written in php. one is a simple online store that needs users to be logged in and place their orders and the other one is a ticketing system that needs users to be logged in too. So how can I share a logged in session between these two apps to prevent users from multiple sign in process? what is the best way to do this? Thanks. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/ Share on other sites More sharing options...
JohnTipperton Posted October 19, 2012 Share Posted October 19, 2012 use the same $SESSION for web app and ticketing system.. since you will not destroy the session until the user Logs Out. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386325 Share on other sites More sharing options...
ManiacDan Posted October 19, 2012 Share Posted October 19, 2012 If the web apps are on different URLs, John's solution won't work. You can use some sort of oauth or saml code to allow your sites to share login information. It's difficult to allow two different domains to share a login. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386327 Share on other sites More sharing options...
shlumph Posted October 19, 2012 Share Posted October 19, 2012 Are they on the same server? If they are, and they are under different subdomains or domains, you'll have to set the session cookie domain to be the same in both projects. If they are on different servers with different IP addresses, you'll probably have to create some sort of web service to interface the two projects. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386328 Share on other sites More sharing options...
TOA Posted October 19, 2012 Share Posted October 19, 2012 It's difficult to allow two different domains to share a login. Agreed. I did something similar at work; we merged several other programs (provided by other companies) into one and needed SSO capabilities. We did it using $_GET vars and a whole lot of validating. Seems to work ok. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386329 Share on other sites More sharing options...
ManiacDan Posted October 19, 2012 Share Posted October 19, 2012 Are they on the same server? If they are, and they are under different subdomains or domains, you'll have to set the session cookie domain to be the same in both projects. If you set the session cookie domain to be different than the domain of the site, it won't work. We did it using $_GET vars and a whole lot of validating. Seems to work ok. Dangerous for a public web app, GET vars can be intercepted, bookmarked, and accidentally emailed/IMed. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386334 Share on other sites More sharing options...
TOA Posted October 19, 2012 Share Posted October 19, 2012 Dangerous for a public web app, GET vars can be intercepted, bookmarked, and accidentally emailed/IMed. Only way the other company would do it, so out of my control I tried to convinve them to implement Oauth but no-go. Lazy dev's I think. We're actually done with them Jan 1 so we won't have that issue anymore. It worked for a year or so though.. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386336 Share on other sites More sharing options...
JohnTipperton Posted October 19, 2012 Share Posted October 19, 2012 If the web apps are on different URLs, John's solution won't work. You can use some sort of oauth or saml code to allow your sites to share login information. It's difficult to allow two different domains to share a login. yes but if he is using in a same domain it will work in a 2 different domains it will be hard though. what about create a 2 different session name then store the value in those 2 session so if the user access the other site it will automatically login, Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386338 Share on other sites More sharing options...
ManiacDan Posted October 19, 2012 Share Posted October 19, 2012 yes but if he is using in a same domain it will work in a 2 different domains it will be hard though. If it's two pages on the same website, then yes it will work. Two separate sites (domains) will never work what about create a 2 different session name then store the value in those 2 session so if the user access the other site it will automatically login,What? Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386371 Share on other sites More sharing options...
JohnTipperton Posted October 20, 2012 Share Posted October 20, 2012 If it's two pages on the same website, then yes it will work. Two separate sites (domains) will never work What? for example www.mysite1.com the session name is $_SESSION['site1'] www.mysite2.com the session name is $_SESSION['site2'] if you login the mysite1 save the $_SESSION['site1'] and $_SESSION['site2'] same as the mysite2. i mean when you login the site you are saving the 2 different session variable. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386512 Share on other sites More sharing options...
ManiacDan Posted October 22, 2012 Share Posted October 22, 2012 That's not how sessions work, at all. $_SESSION is completely different between two sites. They are not shared. Link to comment https://forums.phpfreaks.com/topic/269678-how-to-share-a-logged-in-session-between-to-web-app/#findComment-1386870 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.