1
I have a little problem. We have 3 sites site1.com site2.com and site3.com. The one site is our master site where we register users and where they log in. We use SESSION to 'LOGIN'. Our problem is to log the same user in site2 and site3 as soon as he logs in site1. What we want is something similar to the Google or Microsoft scheme in which you log into a main website and automatically log into other services.
//Aqui crio a sessão.
session_start();
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['username'] = $row['username'];
$_SESSION['useremail'] = $row['email'];
//Verifica a sessão
if(!isset($_SESSION['useremail'])){
//Não está logado
}else
{
//Está logado
}
The problem is that when we recover the SESSION on the sites 2 and 3 does not recover, we studied and saw that it was because the cookies of the server stay on server 1 and so will not. I have also been researching the subject and found some solutions, but it was for same server sites. Can you help us ? Sending a POST to a file on each site to set the session is dangerous or do we have to use DB to do this control? How can we do this ? From now on I thank you all for your help.
has an equal question on http://answall.com/questions/92702/share_a-mesma-sess%C3%a3o-in-different-in-the-same-server domains
– user60252
What you want is to make a SSO (Single Sign On), must have posted about it here at Stackoverflow.
– Inkeliz
@Leocaracciolo then what should I do at the time of logging in and registering on all sites a session with the same session ID as the one that was done on site 1? If so, wouldn’t it be risky, like making it easier for someone to steal the session ? Thanks in advance.
– Patrick A Lima
Patrick A Lima I don’t know, I just pointed you a link that might give you a light. But noticing well there is on the same server so nothing done.
– user60252
kkkkkk. Yes it is on the same server. Our websites are on different servers. Basically what we need is to log into site1 and automatically log into 2 and 3. Just like the Google system or Microsoft. I’ve been thinking about making a POST p/ each site with the Session ID p/ make it register on the sites the same session, theoretically this could work, but I don’t know if it is correct/ Safe to do this.
– Patrick A Lima
The simplest way to do this would involve passing the session ID as a GET parameter from a page in one domain to a page in the other domain. Then, on the other domain, you would take the session ID and create a new session using that ID. Although this is a simple way to do it, it is not very safe and allows session hijacking.
– user60252
A better way would be to use the database to create a record with the session id on it, set a short time limit on it and pass the ID of that record to the other domain. The other domain then take the database record and create a session with it. If the record in the database has passed its expiration, it would not take the session. This would provide better protection against session hijacking
– user60252
Note: I’ve already given you the translation of this post http://stackoverflow.com/questions/4759312/session-share-across-multiple-domains-on-same-server
– user60252
kkkkk Ah yes. So only two thing, about that you spoke of the database of registering there, as I would p/ the site 2 and 3 know that the person already
– Patrick A Lima
kkk, this has to ask there in the station Ypiranga, ie in the link I gave you. I will ask there.
– user60252
Ah ok. I’ll see there. Thanks in advance for the help
– Patrick A Lima
No gave, have to register there too. ;)
– user60252
I just walked in but says I don’t have enough points kkkk what a thing eh
– Patrick A Lima
I gave you a few more points on your question
– user60252
kkk Thanks more will not give. Stackoverflow is separating my profile from here to the site in English. So there I have zero points and I can’t comment, says I need 50 points.
– Patrick A Lima
you can from one server access a database from another server?
– user60252
Yes with you, I’ve done this test.
– Patrick A Lima
Let’s go continue this discussion in chat.
– user60252