Cross domain authentication with PHP and MySQL

[andnos]

Hello.. Can anybody suggest the best way to authenticate users on two or more domains on a LAMP servers?

Are there any tutorials out there that might help me with this?

Thanks in advance

 

[feherke]

Hi

So you have more domains hosted as virtual host on the same server ? Then they are able to use the same resources, like the same user table. Then the cross-domain authentication could be already given.

Feherke.

http://rootshell.be/~feherke/

 

[andnos]

Feherke, thanks for reply.
They can share the same database, and that's what I'm planning on doing, but how do I detect that when a visitor was properly authenticated on domain1.com, and then they visit domain2.com, that they are already authenticated?

 

[feherke]

Hi

Set the [tt]domain[/tt] attribute of the session cookie to make it available for all domains. If this was the question...

Feherke.

http://rootshell.be/~feherke/

 

[andnos]

I thought this wasn't possible in PHP. Do I do something like this:

setcookie("TestCookie", $value, time()+36000, "/", ".");

where that lost dot means every domain?

Thanks for helping.

 

[feherke]

Hi

Oops, I was quite unclear. Each cookie has its own domain, so for multiple domains you have to manage multiple cookies "manually".

But note that some browsers may not allow site to set such cookies. Better rely only on the server side.

Feherke.

http://rootshell.be/~feherke/

 

[andnos]

I figured this out, and wanted to post this for others.

What I did is call up a PHP script from DOMAIN1 on DOMAIN2, which produced an 1x1 image and at the same time set a cookie on the DOMAIN1. So now I am able to cross authenticate.

 

[jpadie]

the other way to do it is to pass the SID or other UID in the links or forms that move the browser from one domain to the other.

php can automagically rewrite the links for you.