Re: [nyphp-talk] Single Signon Multiple Domains

Brian Dailey wrote: (By the way, I know an IP address *won't* work, it was a theoretical question.) I've had this same problem before and I'm curious to see how others have solved it. Reinventing the wheel is a waste of time in most circumstances. When it comes to security, reinventing th

Re: [nyphp-talk] Single Signon Multiple Domains

I actually have George's book beu never had time to flip through it, guess this is as good a time as any. Thanks for the tip that it is between the covers :) -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog: http://www.josephcrawford.com/ 1-80

Re: [nyphp-talk] Single Signon Multiple Domains

Good recommendation Flavio! - Original Message - From: "Flavio daCosta" <[EMAIL PROTECTED]> To: "NYPHP Talk" Sent: Tuesday, March 27, 2007 3:22 AM Subject: Re: [nyphp-talk] Single Signon Multiple Domains > On 03/26/2007 06:10 PM, Joseph Crawford wrote: >

Re: [nyphp-talk] Single Signon Multiple Domains

Basically yes. If you don't want to (or can't) have the client carry some state with it, then you're pretty much locked into using a central database to store cross site session data. There's just no other way for site B to know that the user authenticated successfully with site A without site A

Re: [nyphp-talk] Single Signon Multiple Domains

On 03/26/2007 06:10 PM, Joseph Crawford wrote: > The company I am working for wants to have a single signon for multiple > sites that will be on different domains. George Schlossnagle has a complete explanation and implementation in his excellent book: "Advanced PHP Programming" flav

Re: [nyphp-talk] Single Signon Multiple Domains

On Mon, 26 Mar 2007 23:12:35 -0400 "Joseph Crawford" <[EMAIL PROTECTED]> wrote: > I am guessing this talk of a central server is a central domain like > erenetwork.com > which would hold all the session data in the database. Whenever someone > accesse say domainA.com it would redirect to erenetwo

Re: [nyphp-talk] Single Signon Multiple Domains

I am guessing this talk of a central server is a central domain like erenetwork.com which would hold all the session data in the database. Whenever someone accesse say domainA.com it would redirect to erenetwork.com, get the session data then redirect to domainA. with the session id in the header

Re: [nyphp-talk] Single Signon Multiple Domains

http://www.melbournechapter.net/wordpress/programming-languages/php/cman/2006/06/15/sharing-a-session-across-multiple-domainsservers-with-php/ - Original Message - From: Joseph Crawford To: NYPHP Talk Sent: Monday, March 26, 2007 5:31 PM Subject: Re: [nyphp-talk] Single

Re: [nyphp-talk] Single Signon Multiple Domains

On Mon, 26 Mar 2007 18:10:21 -0400 "Joseph Crawford" <[EMAIL PROTECTED]> wrote: > Guys, > > The company I am working for wants to have a single signon for multiple > sites that will be on different domains. I know that you cannot use a > cookie accross domains. Is there a way to do this > aside

Re: [nyphp-talk] Single Signon Multiple Domains

On 3/26/07, Joseph Crawford <[EMAIL PROTECTED]> wrote: I know it is possible just look at Google.com and Gmail.com. Yeah, but my address bar says "https://mail.google.com/mail/..."; right now. I guess that's how they worked that out. :) -c ___ New Yo

Re: [nyphp-talk] Single Signon Multiple Domains

On Mon, Mar 26, 2007 at 06:10:21PM -0400, Joseph Crawford wrote: > > The company I am working for wants to have a single signon for multiple > sites that will be on different domains. The code in the Single Sign-On module I made for Drupal may provide some direction for you. http://drupal.org/p

Re: [nyphp-talk] Single Signon Multiple Domains

You cannot rely on the IP Address. Think about AOL, they use a proxy server and the users IP can change without a reboot of the modem. Also think about a computer lab that is on 1 IP address. -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ Blog:

Re: [nyphp-talk] Single Signon Multiple Domains

(By the way, I know an IP address *won't* work, it was a theoretical question.) I've had this same problem before and I'm curious to see how others have solved it. Joseph Crawford wrote: right but how will i know that it is the same user without being able to store a hash in a cookie etc.

Re: [nyphp-talk] Single Signon Multiple Domains

is accessed and the login persisted. - Original Message - *From:* Joseph Crawford <mailto:[EMAIL PROTECTED]> *To:* NYPHP Talk <mailto:talk@lists.nyphp.org> *Sent:* Monday, March 26, 2007 5:10 PM *Subject:* [nyphp-talk] Single Signon Multiple Domai

Re: [nyphp-talk] Single Signon Multiple Domains

right but how will i know that it is the same user without being able to store a hash in a cookie etc. I know i can store the data for the user but associating the user with that data again could be tough -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebow

Re: [nyphp-talk] Single Signon Multiple Domains

Sent: Monday, March 26, 2007 5:10 PM Subject: [nyphp-talk] Single Signon Multiple Domains Guys, The company I am working for wants to have a single signon for multiple sites that will be on different domains. I know that you cannot use a cookie accross domains. Is there a way to do

[nyphp-talk] Single Signon Multiple Domains

Guys, The company I am working for wants to have a single signon for multiple sites that will be on different domains. I know that you cannot use a cookie accross domains. Is there a way to do this aside from passing a hash via querystring or POST form? The reason I ask is because we cannot al