 

How to transfer login information and automatically log in to another website when a user clicks on a link?

Tags: php

I have hosted 2 websites; these two websites use the same database to populate data. E.g., the users table has user login details, and users of both websites can access their login via this table.

Now I want to do this:

Before accessing both websites they need to log in.

My "Website A" has a link called "Read More". When a user clicks on it, that user should be redirected to "Website B". Now I want to skip the "Login" process on website B (because that user is already logged in on A). How do I do that?

I have this option in mind, but it is less secure:

  1. The Read More link on website A as:

B_website/?username=abc&password=123&page=12

I guess this is not a good option. What are the ways I can do this while keeping high security?

Mak asked Nov 30 '14 10:11



2 Answers

No no no - do not pass the username + password in plain text in the URL!

I would recommend taking a look at how you know that the user is logged in on site A. Is there some sort of flag in your database marking this user as logged in? Could site B somehow be aware of this flag? Since your two sites share a database, this would definitely be possible.

Consider the following scenario:

  1. User logs into site A.
    • A unique "login token" is generated, saved in your database and also sent to the client.
  2. User arrives at site B.
    • The user sends the "login token" they previously received to the server.

If the login token sent by the user matches the record in the database you can skip the authentication phase and mark that user as logged into site B.

Lix answered Dec 01 '22 04:12
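The login-token scenario from the answer above, as an added PHP example that is not code from the thread or from either answerer. The `login_tokens` table, the function names, the 60-second lifetime, hashing the stored token with SHA-256 and deleting it on first use are all assumptions made here, and in-memory SQLite stands in for the shared MySQL database so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example. Table and function names are hypothetical; in-memory SQLite
// stands in for the database both sites share.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_tokens (token_hash TEXT PRIMARY KEY,
    user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');

// Site A: call only after the user has authenticated on A.
function issueLoginToken(PDO $db, int $userId, int $ttl = 60): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Store only a hash, so reading the table does not reveal usable tokens.
    $db->prepare('INSERT INTO login_tokens VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;
}

// Site B: returns the user id for a valid token, otherwise null.
function redeemLoginToken(PDO $db, string $token): ?int
{
    $hash = hash('sha256', $token);
    $sel = $db->prepare('SELECT user_id, expires_at FROM login_tokens WHERE token_hash = ?');
    $sel->execute([$hash]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    $sel->closeCursor();
    if ($row === false) {
        return null; // unknown or already used
    }
    // Single use: only the request whose DELETE removes the row may proceed.
    $del = $db->prepare('DELETE FROM login_tokens WHERE token_hash = ?');
    $del->execute([$hash]);
    if ($del->rowCount() !== 1 || (int) $row['expires_at'] < time()) {
        return null; // lost a race with another request, or expired
    }
    return (int) $row['user_id'];
}

// Constructed demo: user 42 is logged in on A and clicks "Read More".
$token = issueLoginToken($db, 42);
echo 'https://site-b.example/handoff.php?page=12&token=' . $token, "\n";
// Site B redeems the token; the second call models the same link being replayed.
var_dump(redeemLoginToken($db, $token), redeemLoginToken($db, $token));
// On success site B would call session_regenerate_id(true) and then set
// $_SESSION['user_id'] before redirecting to the requested page.
```

Because the token travels in the URL it can end up in browser history and server logs; the short lifetime and single use limit what a leaked link is worth.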


Server sessions are basically hand-designed to solve this problem. If your websites already access the same database you can utilize a PHP built-in feature, which is to create a session_handler that opens a database connection and stores your session in a database table.

I am personally a big fan of Symfony's HttpFoundation (see below). However, you can do this natively without relying on any outside libraries.

Start by creating a table (this is a MySQL table, but it should be pretty easy to adapt):

CREATE TABLE sessions (
    sess_id VARBINARY(128) NOT NULL,
    data BLOB NOT NULL,
    sess_expires int(11) UNSIGNED NOT NULL
) COLLATE utf8_bin, Engine=InnoDB;
  

Next, create a session handler with session_set_save_handler(), as per the PHP documentation. Create callable functions, and assign each function like so:

  • Open: Create the database connection.
  • Close: Closes the database connection.
  • Read: Retrieves session from the database.
  • Write: Stores session in the database.
  • Destroy: Destroys the session.
  • Clean: Cleans old session data based on your system settings.

Here are some different implementations. They all should work so whichever one you find most attractive can be used as a base. Once you settle on your style, you simply copy the code in each of your client sites and it will pull a shared session!

A tutorial by Chris Shiflett is probably the most basic and accessible if you are unfamiliar with much of how this sort of thing would work.

DevShed has an object oriented approach which can probably be copied and pasted for the most part. They also do a good job explaining how to use the session in other places.

HttpFoundation - Uses locking and other mechanisms and is pretty much get-up-and-go. If you follow object oriented programming and are familiar with or interested in Composer, this is an absolute breeze to get set up.

smcjones answered Dec 01 '22 06:12