[nycphp-talk] Single Signon Multiple Domains
Jiju Thomas Mathew
lists at silmail.com
Tue Mar 27 06:29:35 EDT 2007
>
>
> Basically yes. If you don't want to (or can't) have the client carry
> some state with it, then you're pretty much locked into using a central
> database to store cross site session data. There's just no other way
> for site B to know that the user authenticated successfully with site
> A without site A and site B sharing data.
>
>
I had once explored this method, client wanted something like passport
login, used by hotmail.
There were about 30 tlds, and the client needed a single signon, what we did
was to maintain
one single authentication table, and update that with the userdata and a
cookie hash. Each domain
also had a session validator, that just fetched the data from the central
table and stored into the php
sessions, using php http client class. The user data would be fetched only
if the data is not
existing in the session, and the cookie hash is received.
--
Jiju Thomas Mathew
http://www.php-trivandrum.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070327/b96c6417/attachment.html>
More information about the talk
mailing list