Persistent login info from server to server

Question

I am currently working on 2 web servers, One Coldfusion and the other PHP.

Right now, the Coldfusion server is my main server where users log in to access restricted data. However, I have also begun using a PHP server and want to make it transparent for users to access a specific page on that server - that server requires log in information as well.

I do not want the users to log in twice.

Is there a way to accomplish this ?

Thx

UPDATE: Working in an Intranet environment, so I can't use any public solution.

UPDATE: Reason I am asking for this is because we are moving from a MSQL / Coldfusion environment (Initial server) to a PHP / ORACLE (new server). So I have 2 user tables as well (although they contain mostly the same information). I am trying to faze out the use of our initial server in favor of our new server transparently to the user and thus I have to work in parallel for the time being.

Answer 1

Most single-sign-on solutions work a bit like this...

1. Main system authenticates use
2. User opts initiates a need to move to system 2
3. Main system authenticates the user with system 2 in the background
4. System 2 supplies a random, long and disposable token to Main system
5. Main system redirects the user, with the token, to system 2
6. System 2 checks the token (and other factors such as IP address) to validate the session
7. System 2 disposes of the token to ensure it can't be replayed

You would want to ensure that the transmission channels had some security on, especially where Main system and system 2 are talking to each other. You would want that to be a secure transport.