0
I have two distinct services from each other, but both share the same data for authentication, so I made a single-screen entry that gives you the service options that the end user wants to enter. Upon entering it will pass a validation and gain a session name that will be retrieved on the home page of the chosen service.
In the index of each service I recover the session variable, to recover this data I use the server variable, more specifically $_SERVER['HTTP_REFERER']
where I retrieve the last page to retrieve the session itself.
Basically it is a gambiarra that works up to a certain point, because when refreshing the page, the server variable is empty, for not having a concrete reference from where it came out, so I can not use it to authenticate the user. With my current knowledge I see no other way to do this authentication on both services.
I would like to understand a better way of doing this authentication, whether or not I should continue doing so, any opinion is valid.
For ease of understanding, I have made available in blocks each page with brief code to give cohesion to everything I explained above.
AUTHENTICATION PAGE
$some_name = session_name("some_name");
session_set_cookie_params(360, '/', '.digiapp.com.br');
if (!isset($_SESSION)) session_start();
$_SESSION['userId'] = $row_1->id_diretora;
$_SESSION['userNome'] = $row_1->nome_diretora;
$_SESSION['userEmail'] = $row->email_diretora;
$_SESSION['userPass'] = $row->pass_biblioteca_diretora;
SERVICE PAGE 1
if($_SERVER['HTTP_REFERER'] == 'http://login.digiapp.com.br/' || $_SERVER['HTTP_REFERER'] == 'http://login.digiapp.com.br/index.php'){
$some_name = session_name("some_name");
session_set_cookie_params(360, '/', '.digiapp.com.br');
session_start();
}else{
// Destrói a sessão por segurança
session_destroy();
// Redireciona o visitante de volta pro login
header("Location: ../index2.php"); exit;
}
You want to share the session (with all the data that might be in it) or just authentication?
– Marcos Alexandre
With all the data, but the problem is not that, I can recover the data in the index of each service, but I can’t keep them after a refresh, because the variable
$_SERVER['HTTP_REFERER']
loses the reference he had before, so he no longer retrieves the session by the session name, as it does not pass the validation. You can see on service page 1 how I am performing session recovery– Azzi - Digicard
But if you can recover in index, you can at this point, put another criterion to keep the session active in refresh. You can for example create an active variable in SESSION and test if: if($_SESSSION['active'] || $_SERVER['HTTP_REFERER'] == 'http://login.iapp.com.br/' || $_SERVER['HTTP_REFERER'] == 'http://login.iapp.com.br/index.php'){
– Marcos Alexandre
Right, but the session is only retrieved within the IF, so the page will not load, because I made the reference before the session is loaded. I’ve thought of several ways, creating cookie, validating by url... But no luck
– Azzi - Digicard
look, recommend using an authentication service that can be "shared" as Oauth, has easy integration with PHP, will limit the data that has session, but is a market opição that works well and integrates easy to PHP
– Ricardo Pontual