Re: [PHP] User Authentication across multiple server

2009-03-06 Thread Michael A. Peters 

Edmund Hertle wrote:

Hey,

I've got 2 server, both having the same authentication scripts and using the
same database. My problems are:
1.: User logs in on server1 -> trys to use a part of the site which is
physically located on server2 -> has to login again on server2
2.: There is a wiki on server2, which also depends on the same
user-database-table. Is there a way to login the user automatically to that
wiki?

The only method which possibly could work and came to my mind was using
somehow $_GET parameter for username and password (encrypted).

Thoughts?

-eddy



Do you use the database for your session management?
If you do, since both servers talk to the same database, it should be easy.

ini_set("session.cookie_domain",".yourdomain.org");

Any server on your domain will be able to read the session cookie, and 
if your sessions are database driven, authenticate the session ID.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] User Authentication across multiple server

2009-03-06 Thread j's php general 
On Fri, Mar 6, 2009 at 5:14 PM, Paul Scott  wrote:
> On Fri, 2009-03-06 at 10:09 +0100, Edmund Hertle wrote:
>
>> The only method which possibly could work and came to my mind was using
>> somehow $_GET parameter for username and password (encrypted).
>
> Set a cookie and crypt that (RC4 works well) and then check for the
> cookie on both sites. Kind of like a "Remember me" type deal
>
> -- Paul
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

I believe you can do this with a database to handle session, I haven't
used that myself though.

-- 
-
http://www.lampadmins.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] User Authentication across multiple server

2009-03-06 Thread Paul Scott 
On Fri, 2009-03-06 at 10:09 +0100, Edmund Hertle wrote:

> The only method which possibly could work and came to my mind was using
> somehow $_GET parameter for username and password (encrypted).

Set a cookie and crypt that (RC4 works well) and then check for the
cookie on both sites. Kind of like a "Remember me" type deal

-- Paul


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php