Hi All,

I am having two zendframework websites running on the different servers. I want to use one sign in for both of them. I know it is possible by having facebook connect or google connect. But i dont want to use any third party sing-in. I am already having 100 users in first website(example:abc.com), now for my second website(example:my.abc.com) i need my users to sing in with same credentials of first website. How can i do it? Can anyone tell me a way to do it

If you have two subdomains (x.com and my.x.com) this is possible. Just set the login cookie to *.x.com and it will work for all of them.
But if you have two unrelated domains, this basically isn't possible.
You could do it by having a link to log the user into the other domain (eg, including the username and password), but that's obviously not very secure. It's possible to generate some sort of more secure method, like making a special code to log into the new site, but it would still require lots of work to be secure, and also would require specifically logging them in from your site, rather than just making it happen automatically when they visit the other site.


Also, not the spelling sign, rather than 'sing'. That's not too crucial here, except that it will help if you search for it ;) I assume you do know this, but it seems that you're typing too fast.

Thanks for that suggestion, i will try that. I just want to know, will it work if domains are same and the servers are different?

It's a security issue regarding the cookie on the client's computer. That has nothing to do with the servers.

But there will be a different problem with using two servers-- they won't be communicating. So the cookie from Server A will be meaningless on Server B. If they share a database to check logins, however, that will not be a problem. They can share the same logins table. (Alternatively you could find some other server-to-server communication method, but a database is probably easiest for that anyway.)

Actually, i am having two databases for two servers. I just want to use only users tables, how can i share a database to check logins?
Can u tell me, where exactly i should start from?

So, two databases, but only one users table?

Provided both sites can log onto the DB with the users table, that would work just fine (though probably not how you expect - users would still sign in twice. If the sites need to share data, pull from only one DB. If it's a load issue, use load balancing over two (or more) servers. You'd need to talk to your host or hire dedicated it guy for something like this).

I would go about it differently - use AJAX to send the user's login cookie when you're not on the same domain. Store the cookie value -along with the session info- in your DB so you can check it from either site.

sorry, to clarify -- you would need to add a hidden iframe (or something) that points to the first domain, in order to make the cookie available.

you might also use html5 cross-document messaging, where it's supported. I don't have first-hand experience with either of these methods, unfortunately, but it should be fairly easy to find resources for.


on second thought, this is now my recommendation:

for your users that allow third-party cookies, you could simply set a "logged in" cookie for both domains when the user signs in to one or the other.

There is one sneaky way around this: load an image from each domain (even a hidden of 1-pixel image), after logging in. Use a code like I suggested before. This will allow you to set a cookie when the image loads from that server. Of course it will need to be a dynamic PHP-based image.

But anyway, this is complicated. And I really don't see the point in using two databases. It just makes it more work for you.