Reputation: 6233
I would like to build a community page for a browser game community (the browser game is not mine, so I cannot add any code). Now I would like to check on my website whether the user is logged in to the browser game. Only in that case should the user be able to see the content. Since you cannot read cookies that were set on another domain, is there any possible way to achieve this?
Upvotes: 0
Views: 2702
Reputation: 2679
If you control both domains, you can do so. A simple but nonsecure approach would be to use JavaScript to breach same-origin policy. Have a simple script running in your browser game like:
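```php
<?php
// jsGameStatus.php, served by the game site
session_start(); // required before $_SESSION can be read
header('Content-Type: application/javascript');
$info = array(
    'isLoggedIn' => !empty($_SESSION['isLoggedIn']),
    'loggedInAs' => isset($_SESSION['userName']) ? $_SESSION['userName'] : null
);
// Emits a global JavaScript variable that the including page reads
echo "gameInfo = " . json_encode($info) . ";";
```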
On your community page, you can use JavaScript to determine if they are logged in:
```html
<script src="http://gamesite.com/jsGameStatus.php"></script>
<script>
    alert(gameInfo.isLoggedIn
        ? 'Logged In as ' + gameInfo.loggedInAs
        : 'Not logged in');
</script>
```
Again, not super secure (someone could fudge those values). If you want something more secure, you're going to need to be able to tie the two sides together in some way - your community users' accounts are going to have to know what their game account IDs are, and then you can use a simple remote call from the community site to know whether the game user is logged in or not.
Upvotes: 0
Reputation: 167172
You can use something like a CAS (Central Authentication Server), where, when the session is not set for the first domain, it would be like this:
example.net:

```php
<?php
session_start();
if (!isset($_SESSION["user"])) {
    // No local session: send the browser to the central login server
    header('Location: http://auth.example.com/?from=example.net');
    die();
}
// Rest of the content!
?>
```
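auth.example.com:

```php
<?php
session_start();
if (!isset($_SESSION["user"])) { ?>
    <!-- form to get login credentials -->
<?php } else {
    // Already logged in here: hand an authcode back to the requesting site.
    // yourEncryptFunction() is a placeholder that still has to be defined.
    if (isset($_GET["from"])) {
        header('Location: http://example.net/auth.php?authcode=' . urlencode(yourEncryptFunction($_SESSION["user"])));
        die(); // stop executing after the redirect
    }
} ?>
```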
Upvotes: 4
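The answer above leaves `yourEncryptFunction` undefined. As an added example (not code from the answer), one way to build the authcode is an HMAC-signed, short-lived token that example.net verifies before creating its own session. The shared key, the function names, the token layout and the 60-second lifetime are all assumptions.

```php
<?php
// Added example: a signed, expiring authcode in place of the answer's
// yourEncryptFunction() placeholder. All names and values are assumptions.

const SHARED_KEY = 'replace-with-random-bytes-from-a-secret-store'; // constructed value
const MAX_AGE = 60; // seconds an authcode stays acceptable

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// auth.example.com: bind the code to the user, the target site and the issue time.
function issueAuthcode(string $user, string $audience, int $now): string {
    $payload = b64url(json_encode(['u' => $user, 'aud' => $audience, 'iat' => $now]));
    $mac = b64url(hash_hmac('sha256', $payload, SHARED_KEY, true));
    return $payload . '.' . $mac;
}

// example.net/auth.php: returns the user name, or null if the code is rejected.
function verifyAuthcode(string $code, string $audience, int $now): ?string {
    $parts = explode('.', $code);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SHARED_KEY, true));
    if (!hash_equals($expected, $mac)) return null;    // constant-time MAC check
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['u'], $data['aud'], $data['iat'])) return null;
    if ($data['aud'] !== $audience) return null;        // issued for another site
    if ($now < $data['iat'] || $now - $data['iat'] > MAX_AGE) return null; // stale
    return $data['u'];
}

// Constructed sample run covering the accept case and three reject cases.
$now  = time();
$code = issueAuthcode('alice', 'example.net', $now);
var_dump(verifyAuthcode($code, 'example.net', $now));         // fresh code, right site
var_dump(verifyAuthcode($code, 'other.example', $now));       // presented to another site
var_dump(verifyAuthcode($code, 'example.net', $now + 3600));  // presented an hour later
var_dump(verifyAuthcode($code . 'x', 'example.net', $now));   // MAC altered
```

The code stays replayable until it expires; making it single-use requires example.net to remember which codes it has already accepted.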