On Mon, 2007-06-04 at 08:06 +0530, Sudheer Satyanarayana wrote: > Hi, > > We have three web sites > a) example1.com > b) example2.com > c) my.example2.com > > > Our sites include exclusive pages for registered users. All user account > management tasks are handled by my.example2.com including registration, > modification, cancellation, etc. We would like to create a single sign > on system for all the three web sites. The user would sign on with a > single username and password to all three web sites. For example, when > the user visits a membership page in example1.com he would be prompted > to sign on to his account. His credentials are stored in > my.example2.com. my.example2.com is now fully functional. After the > successful sign on, the user would be redirected to original membership > page in example1.com. > > How would I pass the information from my.example2.com to example1.com > about the authentication status of user? > > We use MySQL database to store and retrieve user account details in > my.example2.com. The web host does not allow remote database connections. I'd pass a session identifier to example1.com, then when example1.com detects a session synch, it would use a webservice to call home to my.example2.com and request verification of the session. You will probably want to have some extra checks in place too, like a timestamp that expires, maybe user browser information, etc to help validate. Cheers, Rob. -- .------------------------------------------------------------. | InterJinn Application Framework - http://www.interjinn.com | :------------------------------------------------------------: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `------------------------------------------------------------' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
