Why not use a readily available PHP library, OAuth? http://oauth.net/

On 9/1/09, Shawn McKenzie <nospam@xxxxxxxxxxxxx> wrote:
> Behzad wrote:
>> Dear list,
>>
>> I'm trying to integrate two PHP-driven web applications, which both
>> require the user to authenticate using a username and a password.
>>
>> Consider a situation where the user has logged in to the 1st application.
>> She clicks over a hyperlink, which directs her to the 2nd application.
>> The challenge is to automatically authenticate the user on the 2nd
>> application as well.
>>
>> I'm wondering how?
>> Is it secure to store the username and password in the $_SESSION, and
>> share the session between the two applications?
>>
>> Please let me know what you think.
>>
>> Thank you in advance,
>> -behzad
>>
>
> Each application has a mechanism to tell whether the user is logged in,
> and if so, who is logged in. One of the most common is probably a uid or
> something saved in the session. If both apps are on the same domain and
> use the same session handler, then you just need to modify each app's
> login code to set the login stuff for the other app. Possibly create
> your own login code that sets the login for both apps. Either way,
> there's no need (and I wouldn't advise) to store the password in the
> session. If it's not too verbose you can post the login code for each.
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
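
The shared-login approach described in the quoted reply, as an added example that is not part of the original thread or either application's code. It assumes both apps run on the same domain with the same session save handler and PHP 7.3 or later; the session name `SSO_SESSION`, the keys `app1_uid` / `app2_uid`, the function names and the in-memory user store are hypothetical.

```php
<?php
// Added example. All names here are hypothetical, not taken from either app.

// Constructed sample user store; a real app would query its own user table.
function find_user(string $username): ?array
{
    static $users = null;
    if ($users === null) {
        $users = ['alice' => [
            'uid'  => 42,
            'hash' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT),
        ]];
    }
    return $users[$username] ?? null;
}

// Both apps call this, so they agree on session name and cookie scope.
function start_shared_session(): void
{
    session_name('SSO_SESSION');
    session_start([
        'cookie_path'     => '/',    // cookie is sent to both apps on the domain
        'cookie_httponly' => true,   // not readable from JavaScript
        'cookie_secure'   => true,   // only sent over HTTPS
        'cookie_samesite' => 'Lax',
        'use_strict_mode' => true,   // reject session IDs the server did not issue
    ]);
}

// One login routine that marks the user as logged in for both apps.
function shared_login(string $username, string $password): bool
{
    $user = find_user($username);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID at login (session fixation)
    $_SESSION['app1_uid'] = $user['uid']; // what app 1 is assumed to check
    $_SESSION['app2_uid'] = $user['uid']; // what app 2 is assumed to check
    return true;                          // the password itself is never stored
}

// Each app asks only "who is logged in?", never for credentials.
function current_uid(string $app): ?int
{
    return $_SESSION[$app . '_uid'] ?? null;
}
```

The session holds only the user ID for each app, so a leaked session file or dump exposes no password; logging out should unset both keys and destroy the session.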