views:

253

answers:

1

Hello,

I need to integrate vBulletin 4.0.3 Publishing Suite with status.net microblogging platform. The first thing I need to do is make these 2 to share 1 session so a user logged in vBulletin forums will also be logged in to status.net and vice versa.

I have installed different vBulletin components under different subdomains:

  1. forums.sample.com - vBulletin forums
  2. blogs.sample.com - vBulletin blogs
  3. sample.com - vBulletin content management

All of these point to the same place (.../public_html/index.php) which includes the respective php file (content.php for sample.com | blog.php for blogs.sample.com | forum.php for forums.sample.com) depending on the $_SERVER['HTTP_HOST']

I have configured vBulletin to use a single cookie.domain (.sample.com) for all of these 3 domains so visiting different domains doesn't break the session.

I also have status.sample.com, which is the subdomain where status.net is installed. The subdomain configuration is different so the document_root is actually a subfolder (.../public_html/status/) in sample.com

Now, can you please give me some pointers on how to make all these subdomains share a single session?

I'm not sure if it helps, but as I understand, status.net does no custom session handling by default, but it is possible to turn it on so it will start storing session data in a database table called "session". vBulletin stores sessions in the database by default.

Any tips will be appreciated.

Thank you.

+1  A: 

Even id they both share the session, it's useless to you. They would have to use the session the same way, meaning:

  • Store the same variables with the same keys (or each application put in session, apart from he data it needs, the data the other one needs).
  • Unless they use exactly the same data to perform the logins, they both would have to have access to username/definitions/whatever's stored in the session of the other application
  • If they stored objects, both would have to have access to the respective class definitions

So, unless you're building your own applications and think about it from the beginning, forget about "sharing sessions". Implement a single sign-on like CAS or OpenID instead.

Artefacto
Does CAS or OpenID allow the same functionality I have planned - user gets logged in/out across the site?
jaz
With CAS, yes. OpenID doesn't have a global sign out.
Artefacto
Well, status.net supports OpenID out of the box, vBulletin does not, but neither of them support CAS. Do you really think it would be much more simple to bring CAS into the mix rather than just update a database row in both ends? Btw I added a comment to my question to help clarify some things you brought up.
jaz
CAS is very simple to implement at a basic, even without using external libraries. OpenID less so, but there's a library in PEAR. If you want to do to it manually, you'll have to hook the login, logout and user creation on both applications. If you decide to add a third application in the future, you'll have to change all three... With that in mind, go ahead if you think CAS/OpenID is too much trouble.
Artefacto
@jaz No, it's not true. You can use a database. See http://www.ja-sig.org/wiki/display/CASUM/Authentication and http://www.ja-sig.org/wiki/display/CASUM/JDBC
Artefacto
Thank you very much, I can see the power of CAS now and I will defintely use this
jaz