Behzad wrote:
> Dear list,
> i'm trying to integrate two php-driven web applications, which both
> require the user to authenticate using a username and a password.
> Consider a situation where the user has logged-in to the 1st application.
> She
> clicks over a hyper-link, which directs her to the 2nd application. The
> challenge
> is to automatically authenticate the user on the 2nd application as well.
> i'm wondering how?
> Is it secure to store the username and password in the $_SESSION, and
> share the session between the two applications?
> Please let me know what do you think.
> Thank you in advance,
> -behzad

Each application has a mechanism to tell whether the user is loggedin,
and if so, who is loggedin.  One of the most common is probably a uid or
something saved in the session.  If both apps are on the same domain and
use the same session handler, then you just need to modify each apps
login code to set the login stuff for the other app.  Possibly create
your own login code that sets the login for both apps.  Either way,
there's no need (and I wouldn't advise) to store the password in the
session.  If it's not too verbose you can post the login code for each.


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to