Dear paragasu, Never heard of oAuth before, but I guess that it's complex for my purpose. But I'll take a look at it, I'll use it for the next version. Thank you so much for introducing this great tool! On Wed, Sep 2, 2009 at 5:51 AM, paragasu <paragasu@xxxxxxxxx> wrote: > why not use ready available php library OAuth? > > http://oauth.net/ > > On 9/1/09, Shawn McKenzie <nospam@xxxxxxxxxxxxx> wrote: > > Behzad wrote: > >> Dear list, > >> > >> i'm trying to integrate two php-driven web applications, which both > >> require the user to authenticate using a username and a password. > >> > >> Consider a situation where the user has logged-in to the 1st > application. > >> She > >> clicks over a hyper-link, which directs her to the 2nd application. The > >> challenge > >> is to automatically authenticate the user on the 2nd application as > well. > >> > >> i'm wondering how? > >> Is it secure to store the username and password in the $_SESSION, and > >> share the session between the two applications? > >> > >> Please let me know what do you think. > >> > >> Thank you in advance, > >> -behzad > >> > > > > Each application has a mechanism to tell whether the user is loggedin, > > and if so, who is loggedin. One of the most common is probably a uid or > > something saved in the session. If both apps are on the same domain and > > use the same session handler, then you just need to modify each apps > > login code to set the login stuff for the other app. Possibly create > > your own login code that sets the login for both apps. Either way, > > there's no need (and I wouldn't advise) to store the password in the > > session. If it's not too verbose you can post the login code for each. > > > > -- > > Thanks! > > -Shawn > > http://www.spidean.com > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > -- Kind regards, -behzad
