Reputation: 337
How to make crossdomain authorization?
There are 2 domains on one server. If user is logged on one domain he has to be logged on the another domain too. How to make cross-domain authorization in php on one server? I solved it for sub-domains, but can't solve for different second-level domains.
Upvotes: 2
Views: 2346
Answers (2)
Reputation: 5378
You must research for CAS and implement it depending on what framework you are using. For example, in my Zend application I would use Zend_OpenId and Zend_Oauth .
Upvotes: 1
Reputation: 56572
The main problem is that the cookie isn't send by the browser if you're on another domain.
You can't make the browser to write a cookie for another domain, too.
What can be done is send a unique token to the other domain, and when validated, write a cookie on the second domain. That can be done when authenticated, using an iframe or a double-redirect (iframe cookies are blocked by some browsers, like safari). The unique token will have to be validated by the second domain, and then invalidated (removed) so it can't be used again by another user (man in the middle attack).
Upvotes: 2
Related Questions
- PHP Sessions across sub domains
- PHP Session login crossing between sites on same server
- Secure and Flexible Cross-Domain Sessions
- PHP cross subdomain session for subdomain on different server
- Cross domain PHP Sessions
- PHP login in one domain then using the session in another one
- How to implement auth cross site?
- PHP session across multiple domains
- Loggin a user across different domains
- Sharing session information between 2 domains?