why not use ready available php library OAuth?


On 9/1/09, Shawn McKenzie <nos...@mckenzies.net> wrote:
> Behzad wrote:
>> Dear list,
>> i'm trying to integrate two php-driven web applications, which both
>> require the user to authenticate using a username and a password.
>> Consider a situation where the user has logged-in to the 1st application.
>> She
>> clicks over a hyper-link, which directs her to the 2nd application. The
>> challenge
>> is to automatically authenticate the user on the 2nd application as well.
>> i'm wondering how?
>> Is it secure to store the username and password in the $_SESSION, and
>> share the session between the two applications?
>> Please let me know what do you think.
>> Thank you in advance,
>> -behzad
> Each application has a mechanism to tell whether the user is loggedin,
> and if so, who is loggedin.  One of the most common is probably a uid or
> something saved in the session.  If both apps are on the same domain and
> use the same session handler, then you just need to modify each apps
> login code to set the login stuff for the other app.  Possibly create
> your own login code that sets the login for both apps.  Either way,
> there's no need (and I wouldn't advise) to store the password in the
> session.  If it's not too verbose you can post the login code for each.
> --
> Thanks!
> -Shawn
> http://www.spidean.com
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to