Share Sessions with different domains on different servers


I have a little problem. We have 3 sites: site1.com, site2.com and site3.com. One site is our master site, where we register users and where they log in. We use SESSION to 'LOGIN'. Our problem is logging the same user in to site2 and site3 as soon as he logs in to site1. What we want is something similar to the Google or Microsoft scheme, in which you log in to a main website and are automatically logged in to the other services.

// Here I create the session.
session_start();
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['username'] = $row['username'];
$_SESSION['useremail'] = $row['email'];

// Check the session
if (!isset($_SESSION['useremail'])) {
    // Not logged in
} else {
    // Logged in
}

The problem is that when we try to recover the SESSION on sites 2 and 3, it is not recovered. We studied this and saw that it was because the server's cookies stay on server 1, so it will not work. I have also been researching the subject and found some solutions, but they were for sites on the same server. Can you help us? Is sending a POST to a file on each site to set the session dangerous, or do we have to use a DB to do this control? How can we do this? Thank you all in advance for your help.

  • There is an identical question at http://answall.com/questions/92702/share_a-mesma-sess%C3%a3o-in-different-in-the-same-server domains

  • What you want is to implement SSO (Single Sign-On); someone must have posted about it here on Stack Overflow.

  • @Leocaracciolo so what I should do at login is register, on all the sites, a session with the same session ID as the one created on site 1? If so, wouldn’t it be risky, like making it easier for someone to steal the session? Thanks in advance.

  • Patrick A Lima, I don’t know, I just pointed you to a link that might shed some light. But looking closely, that one is about the same server, so no luck.

  • Hahaha. Yes, it is on the same server. Our websites are on different servers. Basically what we need is to log in to site1 and automatically be logged in to 2 and 3, just like the Google or Microsoft system. I’ve been thinking about making a POST to each site with the session ID so that it registers the same session on those sites. Theoretically this could work, but I don’t know if it is correct/safe to do this.

  • The simplest way to do this would involve passing the session ID as a GET parameter from a page in one domain to a page in the other domain. Then, on the other domain, you would take the session ID and create a new session using that ID. Although this is a simple way to do it, it is not very safe and allows session hijacking.

  • A better way would be to use the database to create a record with the session ID in it, set a short time limit on it and pass the ID of that record to the other domain. The other domain then takes the database record and creates a session with it. If the record in the database has passed its expiration, it would not accept the session. This would provide better protection against session hijacking.

  • Note: I’ve already given you the translation of this post http://stackoverflow.com/questions/4759312/session-share-across-multiple-domains-on-same-server

  • Haha, ah yes. So just two things: about what you said regarding registering in the database, how would I make sites 2 and 3 know that the person already

  • Haha, you have to ask that at the Ypiranga station, i.e. at the link I gave you. I will ask there.

  • Ah, OK. I’ll look there. Thanks in advance for the help.

  • It didn’t work, you have to register there too. ;)

  • I just got in, but it says I don’t have enough points, haha, what a thing, eh.

  • I gave you a few more points on your question

  • Haha, thanks, but it won’t work. Stack Overflow keeps my profile here separate from the one on the English site. So there I have zero points and I can’t comment; it says I need 50 points.

  • Can you access a database on another server from one server?

  • Yes, I can; I’ve done this test.

No answers
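
The short-lived database record suggested in the comments above, sketched as an added example that is not part of the original thread. It is a variation: the record carries the user's e-mail rather than site1's session ID, so site2 and site3 each open their own session. The table `sso_handoff`, the function names, the 60-second lifetime and the PDO connection to a database all three servers can reach are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical shared table (SQLite syntax), reachable by every site.
const SCHEMA = 'CREATE TABLE IF NOT EXISTS sso_handoff (
    token_hash TEXT PRIMARY KEY, useremail TEXT NOT NULL,
    expires_at INTEGER NOT NULL, used INTEGER NOT NULL DEFAULT 0)';

// site1, after a successful login: create a short-lived, single-use record.
// Only a hash is stored, so reading the table does not yield usable tokens.
function issue_handoff(PDO $db, string $email, int $ttl = 60): string
{
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO sso_handoff (token_hash, useremail, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $email, time() + $ttl]);
    return $token; // handed to site2/site3 over HTTPS
}

// site2/site3: the UPDATE is the atomic claim, so an expired or replayed
// token matches zero rows and is rejected.
function redeem_handoff(PDO $db, string $token): ?string
{
    $hash = hash('sha256', $token);
    $claim = $db->prepare('UPDATE sso_handoff SET used = 1
        WHERE token_hash = ? AND used = 0 AND expires_at >= ?');
    $claim->execute([$hash, time()]);
    if ($claim->rowCount() !== 1) {
        return null;
    }
    $row = $db->prepare('SELECT useremail FROM sso_handoff WHERE token_hash = ?');
    $row->execute([$hash]);
    return $row->fetchColumn() ?: null;
}

// site2/site3 entry point: open a local session under its own fresh ID.
function login_from_handoff(PDO $db, string $token): bool
{
    $email = redeem_handoff($db, $token);
    if ($email === null) {
        return false; // not logged in
    }
    session_start();
    session_regenerate_id(true); // never adopt an ID supplied from outside
    $_SESSION['useremail'] = $email;
    return true;
}
```

Because the token is random, expires quickly and can be claimed only once, a value captured from a URL or log after use cannot open a second session, which is the weakness of passing the session ID itself.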
