Auto logging in a user

Question

I am currently using a small PHP backend to manage a website and recently I added another functionality via a separate script. This script also requires a log in and my client finds it tedious and bothersome to have two different log on's. Therefore, I was wondering if it possible to create a script or otherwise that could possibly auto login him into the secondary script when a link is clicked (this one would be available via a menu in the original backend).

Otherwise what are my options? How hard would it be to change the authentication of script 1 to fit script 2?

Thank you.

Answer 1

You have a few options.

1) Autolog him in using his stored login credentials with a simulated web-browser script, but no website does this.

2) More elegantly, use cookies and sessions. With his correct log-in, create a unique session ID (long enough to be computationally hard to replicate in that time session) that expires after x-time limit or deleted on him logging-out. This session ID will be stored in a separate file on the server (database ideally for speed) that you check with the cookie (that you set on his initial login and which also wrote the file on the server) on each page that requires a user logged in. (You check the cookie, compare it to the session id, when it checks out serve the page, else fail).

That's it, simple.

Answer 2

If you are using $_SESSION variables then there will be no need for any auto log on as this is a global variable and will recognize the user as long as the script is in the same website/domain.

Answer 3

You will need this.

http://simplesamlphp.org/
I solved this problem by passing parameter from site1 logged in user when they access script page of site2.