  1. #1
    Cha, Cha, Cha!!! Gamermk's Avatar

    PHP cross domain Single Sign-on

    I've done extensive research to no avail (and noticed that similar SitePoint threads on this topic died in the past too, to no avail).

    I'm looking for a chunk of PHP code that allows a user to sign into a single form which will authenticate them with multiple domains simultaneously.

    Any help or direction would be greatly appreciated.
    People don't read ads. They read what interests them,
    and sometimes that happens to be an ad.
    TrulyBored.com | TankingTips.com

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    There is no magic chunk of PHP that can do that.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    eschew sesquipedalians silver trophy sweatje's Avatar
    Perhaps Zend_OpenId
    Jason Sweat ZCE - jsweat_php@yahoo.com
    Book: PHP Patterns
    Good Stuff: SimpleTest PHPUnit FireFox ADOdb YUI
    Detestable (adjective): software that isn't testable.

  4. #4
    SitePoint Member
    You need to keep in mind that almost all browsers (for obvious security reasons, XSS and the like) will only allow websites to set cookies for their own domain; they also only allow them to read cookies for their own domain.

    This means that your PHP installation on blah.com is extremely unlikely to even note the presence of a cookie set on bleh.com.

    logic's reply sums this up quite nicely.

  5. #5
    SitePoint Addict
    Although if all of the domains have access back to a central session manager (either DB or memcache based) then you can automate the process to a certain extent.

  6. #6
    SitePoint Guru dbevfat's Avatar
    Tanus: not really, because the session cookie is also domain-bound. The best approach to this problem would be OpenID. The worst would be to develop your own OpenID system.

  7. #7
    SitePoint Wizard REMIYA's Avatar
    You can have one login server central for all your applications.

    Then, on the user's first entrance, redirect to the login server.

    If the user is already logged in redirect him back to his account.

    If login is required redirect him to your account login page.


    Hope this helps

  8. #8
    SitePoint Member
    I cannot AJAX login and remember login (keep signed in) with OpenID, any solution?
    Last edited by dom.killer; Jun 10, 2008 at 14:59.

  9. #9
    SitePoint Addict
    Don't use an AJAX login? Really, why does the login have to use AJAX?

  10. #10
    SitePoint Addict
    Quote, originally posted by dbevfat:
    "Tanus: not really, because the session cookie is also domain-bound. The best approach to this problem would be OpenID. The worst would be to develop your own OpenID system."
    Yeah, I've been caught up too much with subdomains hosted on different boxes, for which you can set the cookie domain to be something like *.tld.com...

    Have you checked out CAS authentication?

  11. #11
    PHP/Rails Developer Czaries's Avatar
    If all your domains connect to the same database, you MIGHT be able to keep the user signed on with some sort of method that captures the IP address, browser version, operating system, etc. and then do lookups on that information on each site from that same central database and then restore the user login on the new domain.

    That being said, it is still possible to have 2 users with the same IP address and the same browser/OS combination, so even that isn't really a truly secure method. With the domain limitation on cookies, I'm not sure this is possible to do dynamically.

    I suppose one possible option would be to append all the links to your other sites with some sort of query string variable that would restore their session information if that is set when they first enter the site, but you're still going to have some sort of central database to store all the session information that each site will have access to.
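
The redirect flow REMIYA describes and the query-string hand-off Czaries suggests both come down to the login server passing a short-lived, signed, single-use ticket to the other domain. The following is an added example of that pattern, not code from any poster and not the OpenID or CAS protocol; the key, the function names and the claim fields are assumptions, and blah.com/bleh.com are the placeholder hosts used earlier in the thread.

```php
<?php
declare(strict_types=1);
// Constructed placeholder; in practice a random key shared by the login server and each site.
const SSO_KEY = 'constructed-demo-key-not-for-real-use';
const TICKET_TTL = 60; // seconds during which a ticket may be redeemed

// Login server: after the user authenticates, mint a ticket for ONE target site.
function issueTicket(string $userId, string $audience, int $now): string
{
    $claims = ['sub' => $userId, 'aud' => $audience,
               'exp' => $now + TICKET_TTL, 'jti' => bin2hex(random_bytes(16))];
    $body = rtrim(strtr(base64_encode(json_encode($claims, JSON_THROW_ON_ERROR)), '+/', '-_'), '=');
    return $body . '.' . hash_hmac('sha256', $body, SSO_KEY);
}

// Target site: returns the user id, or null when the ticket must be rejected.
// $seen stands in for the central DB/memcache that all the sites can reach.
function redeemTicket(string $ticket, string $self, int $now, array &$seen): ?string
{
    $parts = explode('.', $ticket);
    if (count($parts) !== 2 || !hash_equals(hash_hmac('sha256', $parts[0], SSO_KEY), $parts[1])) {
        return null;                      // malformed, forged or altered
    }
    $c = json_decode((string) base64_decode(strtr($parts[0], '-_', '+/')), true);
    if (!is_array($c) || !isset($c['sub'], $c['aud'], $c['exp'], $c['jti'])
        || $c['aud'] !== $self || $c['exp'] < $now) {
        return null;                      // incomplete, minted for another site, or expired
    }
    if (isset($seen[$c['jti']])) {
        return null;                      // already redeemed once (replay)
    }
    $seen[$c['jti']] = $c['exp'];         // remember the ticket id until it expires
    return $c['sub'];
}

// Constructed walk-through: blah.com is the login server, bleh.com a member site.
$seen = [];
$now = time();
$ticket = issueTicket('user-42', 'https://bleh.com', $now);
$old = issueTicket('user-42', 'https://bleh.com', $now - 120);
$cases = [
    'first use on bleh.com' => redeemTicket($ticket, 'https://bleh.com', $now, $seen),
    'replayed on bleh.com'  => redeemTicket($ticket, 'https://bleh.com', $now, $seen),
    'sent to another site'  => redeemTicket($ticket, 'https://blah.com', $now, $seen),
    'payload altered'       => redeemTicket('x' . substr($ticket, 1), 'https://bleh.com', $now, $seen),
    'redeemed after expiry' => redeemTicket($old, 'https://bleh.com', $now, $seen),
];
foreach ($cases as $label => $result) {
    printf("%-22s %s\n", $label, $result ?? 'rejected');
}
```

Because the ticket travels in the redirect URL, the receiving site should exchange it for its own session cookie at once and redirect again so the ticket does not stay in the address bar or get sent on in a Referer header.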

