10

I'm having a little problem. I am developing an application in PHP that is divided into modules. Each module is completely independent, is on a separate server and has an own domain. eg:

www.moduloprincipal.com.br, www.modulo2.com.br, www.modulo3.com.br, etc ...

The problem is that I need that when a user to authenticate to one of the modules (either) the user can access the same user other modules without having to authenticate again.

Currently each application is on a different server, but if necessary they are in the same server, it would not be a problem.

IMPORTANT:

  1. Read several threads, but found no solution really safe. Will be interesting to use OAuth?

  2. Currently the application uses $ _SESSION to authenticate users, but you can use $ _COOKIE smoothly.

  3. I'm using CodeIgniter

Translated by Google Translate. Sorry ...

user875690
  • 227
  • 1
  • 3
  • 8
  • For reasons why OAuth is not the right choice (and for an alternative), see [http://stackoverflow.com/questions/2033026/sso-with-cas-or-oauth](http://stackoverflow.com/questions/2033026/sso-with-cas-or-oauth) – George Cummins Apr 26 '13 at 19:05

1 Answers1

11

Two options from the top of my head that you can explore:

  • Set all servers the same path for saving its session data, see session.save_path directive. That location could be a NFS share or a NAS location that all your servers could access.

  • The other option is to implement a database session handler, so the session data could be shared among all your servers accessing the same database server. So take a look at PHP docs for custom session handlers.

Nelson
  • 49,283
  • 8
  • 68
  • 81