RE: [PHP] Re: Central authentication for multiple sites

This is a discussion on RE: [PHP] Re: Central authentication for multiple sites within the PHP General forums, part of the PHP Programming Forums category; Fraser, Kevin is right on, but it wasn't clear to me that you wanted the users to log onto ...


Go Back   Usenet Forums > PHP Programming Forums > PHP General

Reload this Page RE: [PHP] Re: Central authentication for multiple sites

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 09-29-2003
Warren Vail
 
Posts: n/a
Default RE: [PHP] Re: Central authentication for multiple sites
Fraser,

Kevin is right on, but it wasn't clear to me that you wanted the users to log onto each site. Seems you may expect them to go to the site in another browser, or perhaps the same, without having to signon again. Perhaps this can be done if you do a form post to the new domain from the existing one, passing the session key (or some other indication who has signed on) as a hidden variable, and using target="_BLANK" to open a new browser. I would recommend checking that you haven't created a BIG security hole with this one.

Warren Vail

-----Original Message-----
From: Kevin Stone [mailto:kevin@helpelf.com]
Sent: Monday, September 29, 2003 12:33 PM
To: php-general@lists.php.net
Subject: [php] Re: Central authentication for multiple sites


If all domains have access to the same database then there is absolutely nothing preventing you from using a Cookie. Have a normal login on Domain1.com. Once authenticated produce a random ID and store it in the database. Store the ID in a cookie then Redirect the client to the desired domain. The page the client is redirected to checks to see if the ID matches one stored in the database. If it does then the user is valid. A logout request on any one of the domains destroys the ID in the database and erases the cookie. Associate a timestamp with the ID in the database so that you can make the login invalid after a period of no activity.

- Kevin


"Fraser Campbell" <fraser@wehave.net> wrote in message news:200309291512.51582.fraser@wehave.net...
> Hi,
>
> Does anyone know of a way to authenticate a person on one site and have that
> authentication carried through to multiple sites?
>
> Basically I'd like to have someone login on www.domain1.com and then have
> their login be valid on www.domain2.com and www.domain3.com ... the domain
> name is different so I don't see how I could use a common cookie.
>
> The 3 sites in question are hosted on a common server with a common user
> database if that helps but still the domain names that people access the
> sites with are unique.
>
> Any ideas?
>
> Thanks!
> --
> Fraser Campbell <fraser@wehave.net> http://www.wehave.net/
> Halton Hills, Ontario, Canada Debian GNU/Linux
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 08:46 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0