tags:

views:

164

answers:

7
+3  Q: 

Persistent login info from server to server

Hi, I am currently working on 2 web servers, One Coldfusion and the other PHP.

Right now, the Coldfusion server is my main server where users log in to access restricted data. However, I have also begun using a PHP server and want to make it transparent for users to access a specific page on that server - that server requires log in information as well.

I do not want the users to log in twice.

Is there a way to accomplish this ?

Thx

UPDATE: Working in an Intranet environment, so I can't use any public solution.

UPDATE: Reason I am asking for this is because we are moving from a MSQL / Coldfusion environment (Initial server) to a PHP / ORACLE (new server). So I have 2 user tables as well (although they contain mostly the same information). I am trying to faze out the use of our initial server in favor of our new server transparently to the user and thus I have to work in parallel for the time being.

+3  A: 

Store sessions in a database, and share them between the two apps.

astropanic  2009-09-03 13:20:45
+1  A: 

You could use xml-rpc to get user data and log the user into the other site when they have a login cookie for the first one and vice versa.

Php manual page for XML-rpc

code_burgar  2009-09-03 13:21:45
A: 

How about implementing an OpenID solution, much like the one apparent on StackOverflow?

Evernoob  2009-09-03 13:51:03
Wow. I vote for this idea.!
Aviator  2009-09-03 13:52:22
Ya that would be great, however, I am working in an intranet environment, so all solutions have to be hosted locally. :(
vinnybozz  2009-09-03 13:52:47
With OpenID, you still have to enter your user name and password on each site don't you? I could be wrong.
Sohnee  2009-09-03 13:54:15
In that case, as codeburger suggested, you could pass on a login cookie.. @sohnee. I dont think so. Because i logged onto my gmail in my laptop and when i open stackoverflow and click on login, its automatically logging in...
Aviator  2009-09-03 13:56:02
@vinnybozz You could also run an openid provider yourself if you want to (locally)?
Alfred  2009-09-04 03:08:32
+4  A: 

Most single-sign-on solutions work a bit like this...

  1. Main system authenticates use
  2. User opts initiates a need to move to system 2
  3. Main system authenticates the user with system 2 in the background
  4. System 2 supplies a random, long and disposable token to Main system
  5. Main system redirects the user, with the token, to system 2
  6. System 2 checks the token (and other factors such as IP address) to validate the session
  7. System 2 disposes of the token to ensure it can't be replayed

You would want to ensure that the transmission channels had some security on, especially where Main system and system 2 are talking to each other. You would want that to be a secure transport.

Sohnee  2009-09-03 13:53:18
in the current setup, the login tables are also distinct. Would this still work ?
vinnybozz  2009-09-03 14:37:01
You'd need some knowledge of the link - i.e. external userid.
Sohnee  2009-09-04 06:55:21
+1  A: 

If you are on an intranet, you can actually sniff out the network username of the user from the PC they are logged into the network on using PHP. This assumes that:

  1. You are using IIS to host your PHP application.
  2. Your users are using Windows.

Check the section "2.2 Enabling Support for Detecting Usernames" here.

After that, all you need to do is investigate if the same is possible from Coldfusion, and you have the basis of an SSO solution based on the network usernames.

John Collins  2009-09-03 15:48:27
You can do the same in ColdFusion. A cfdump of the CGI variables scope should give all the information one would want.
Al Everett  2009-09-03 16:55:53
A: 

You may benefit from dropping a shared object on the client machine via Flash or Flex. This object could then be read from ColdFusion/PHP/Python on servers that otherwise had no connection to each other or access to a common database.

Here is a simple example from the Adobe Docs

Maintain local persistence. This is the simplest way to use a shared object, and does not require Flash Media Server. For example, you can call SharedObject.getLocal() to create a shared object in an application, such as a calculator with memory. When the user closes the calculator, Flash Player saves the last value in a shared object on the user's computer. The next time the calculator is run, it contains the values it had previously. Alternatively, if you set the shared object's properties to null before the calculator application is closed, the next time the application runs, it opens without any values. Another example of maintaining local persistence is tracking user preferences or other data for a complex website, such as a record of which articles a user read on a news site. Tracking this information allows you to display articles that have already been read differently from new, unread articles. Storing this information on the user's computer reduces server load.

Full Information: http://livedocs.adobe.com/flex/3/langref/flash/net/SharedObject.html

Aaron Greenlee  2009-09-04 09:51:46
+1  A: 

Here is what I have done, in running my own game server, had users on sql server, and on mysql, and wanted to integrate them both.

  1. I made sure that if a user was created on 1 system, was also created on the other.

  2. So you can modify code in both applications, to automatically create a user in other system if it is created on here.

  3. Depending if both servers share a domain, can you do cross-domain sessions or cookies...But my best guess is to store and retreive data...

Or..

  1. as a person logins/registers record their current ip address, on both servers, then check if this person was on the other server within 2-5 minutes, if so, use the ip address to identify them....

  2. This system is tricky because timing is important, so your not leaving a huge hole in your security....But for short term, going between servers, this is simplest solution, in my own opinion.

Good Luck.

crosenblum  2009-10-21 18:05:29

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases