Results 1 to 7 of 7

Thread: Single Sing On

  1. #1
    Join Date
    Nov 2010
    Posts
    115
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Default Single Sing On

    Hi All,

    I am having two zendframework websites running on the different servers. I want to use one sign in for both of them. I know it is possible by having facebook connect or google connect. But i dont want to use any third party sing-in. I am already having 100 users in first website(example:abc.com), now for my second website(example:my.abc.com) i need my users to sing in with same credentials of first website. How can i do it? Can anyone tell me a way to do it

  2. #2
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    If you have two subdomains (x.com and my.x.com) this is possible. Just set the login cookie to *.x.com and it will work for all of them.
    But if you have two unrelated domains, this basically isn't possible.
    You could do it by having a link to log the user into the other domain (eg, including the username and password), but that's obviously not very secure. It's possible to generate some sort of more secure method, like making a special code to log into the new site, but it would still require lots of work to be secure, and also would require specifically logging them in from your site, rather than just making it happen automatically when they visit the other site.


    Also, not the spelling sign, rather than 'sing'. That's not too crucial here, except that it will help if you search for it I assume you do know this, but it seems that you're typing too fast.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  3. #3
    Join Date
    Nov 2010
    Posts
    115
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Default

    Thanks for that suggestion, i will try that. I just want to know, will it work if domains are same and the servers are different?

  4. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    It's a security issue regarding the cookie on the client's computer. That has nothing to do with the servers.

    But there will be a different problem with using two servers-- they won't be communicating. So the cookie from Server A will be meaningless on Server B. If they share a database to check logins, however, that will not be a problem. They can share the same logins table. (Alternatively you could find some other server-to-server communication method, but a database is probably easiest for that anyway.)
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  5. #5
    Join Date
    Nov 2010
    Posts
    115
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Default

    Actually, i am having two databases for two servers. I just want to use only users tables, how can i share a database to check logins?
    Can u tell me, where exactly i should start from?
    Last edited by hemi519; 04-23-2012 at 06:35 AM.

  6. #6
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    So, two databases, but only one users table?

    Provided both sites can log onto the DB with the users table, that would work just fine (though probably not how you expect - users would still sign in twice. If the sites need to share data, pull from only one DB. If it's a load issue, use load balancing over two (or more) servers. You'd need to talk to your host or hire dedicated it guy for something like this).

    I would go about it differently - use AJAX to send the user's login cookie when you're not on the same domain. Store the cookie value -along with the session info- in your DB so you can check it from either site.

    sorry, to clarify -- you would need to add a hidden iframe (or something) that points to the first domain, in order to make the cookie available.

    you might also use html5 cross-document messaging, where it's supported. I don't have first-hand experience with either of these methods, unfortunately, but it should be fairly easy to find resources for.

    Edit:
    on second thought, this is now my recommendation:

    for your users that allow third-party cookies, you could simply set a "logged in" cookie for both domains when the user signs in to one or the other.

    Last edited by traq; 04-23-2012 at 03:23 PM.

  7. #7
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    There is one sneaky way around this: load an image from each domain (even a hidden of 1-pixel image), after logging in. Use a code like I suggested before. This will allow you to set a cookie when the image loads from that server. Of course it will need to be a dynamic PHP-based image.

    But anyway, this is complicated. And I really don't see the point in using two databases. It just makes it more work for you.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •