Re: [PHP] Re: LoginShare | How to authenticate once, and login to different websites
Dear paragasu, Never heard of oAuth before, but I guess that it's complex for my purpose. But I'll take a look at it, I'll use it for the next version. Thank you so much for introducing this great tool! On Wed, Sep 2, 2009 at 5:51 AM, paragasu parag...@gmail.com wrote: why not use ready available php library OAuth? http://oauth.net/ On 9/1/09, Shawn McKenzie nos...@mckenzies.net wrote: Behzad wrote: Dear list, i'm trying to integrate two php-driven web applications, which both require the user to authenticate using a username and a password. Consider a situation where the user has logged-in to the 1st application. She clicks over a hyper-link, which directs her to the 2nd application. The challenge is to automatically authenticate the user on the 2nd application as well. i'm wondering how? Is it secure to store the username and password in the $_SESSION, and share the session between the two applications? Please let me know what do you think. Thank you in advance, -behzad Each application has a mechanism to tell whether the user is loggedin, and if so, who is loggedin. One of the most common is probably a uid or something saved in the session. If both apps are on the same domain and use the same session handler, then you just need to modify each apps login code to set the login stuff for the other app. Possibly create your own login code that sets the login for both apps. Either way, there's no need (and I wouldn't advise) to store the password in the session. If it's not too verbose you can post the login code for each. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Kind regards, -behzad
[PHP] Re: LoginShare | How to authenticate once, and login to different websites
Behzad wrote: Dear list, i'm trying to integrate two php-driven web applications, which both require the user to authenticate using a username and a password. Consider a situation where the user has logged-in to the 1st application. She clicks over a hyper-link, which directs her to the 2nd application. The challenge is to automatically authenticate the user on the 2nd application as well. i'm wondering how? Is it secure to store the username and password in the $_SESSION, and share the session between the two applications? Please let me know what do you think. Thank you in advance, -behzad Each application has a mechanism to tell whether the user is loggedin, and if so, who is loggedin. One of the most common is probably a uid or something saved in the session. If both apps are on the same domain and use the same session handler, then you just need to modify each apps login code to set the login stuff for the other app. Possibly create your own login code that sets the login for both apps. Either way, there's no need (and I wouldn't advise) to store the password in the session. If it's not too verbose you can post the login code for each. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: LoginShare | How to authenticate once, and login to different websites
why not use ready available php library OAuth? http://oauth.net/ On 9/1/09, Shawn McKenzie nos...@mckenzies.net wrote: Behzad wrote: Dear list, i'm trying to integrate two php-driven web applications, which both require the user to authenticate using a username and a password. Consider a situation where the user has logged-in to the 1st application. She clicks over a hyper-link, which directs her to the 2nd application. The challenge is to automatically authenticate the user on the 2nd application as well. i'm wondering how? Is it secure to store the username and password in the $_SESSION, and share the session between the two applications? Please let me know what do you think. Thank you in advance, -behzad Each application has a mechanism to tell whether the user is loggedin, and if so, who is loggedin. One of the most common is probably a uid or something saved in the session. If both apps are on the same domain and use the same session handler, then you just need to modify each apps login code to set the login stuff for the other app. Possibly create your own login code that sets the login for both apps. Either way, there's no need (and I wouldn't advise) to store the password in the session. If it's not too verbose you can post the login code for each. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: LoginShare | How to authenticate once, and login to different websites
Thank you all for your answers. i was looking for a simple and fast answer - I'm going to store the a unique id in the database, and pass it between applications using the $_SESSION. Shawn and Martin, Thank you very much for your help. Kind regards, -behzad