I'm having a little problem. I am developing an application in PHP that is divided into modules. Each module is completely independent, is on a separate server and has an own domain. eg:
www.moduloprincipal.com.br, www.modulo2.com.br, www.modulo3.com.br, etc ...
The problem is that I need that when a user to authenticate to one of the modules (either) the user can access the same user other modules without having to authenticate again.
Currently each application is on a different server, but if necessary they are in the same server, it would not be a problem.
IMPORTANT:
Read several threads, but found no solution really safe. Will be interesting to use OAuth?
Currently the application uses $ _SESSION to authenticate users, but you can use $ _COOKIE smoothly.
I'm using CodeIgniter
Translated by Google Translate. Sorry ...
Application servers are able to handle this scenario using "session replication". With session replication, each server will have a copy of the active users session. IF the first request goes to server A and second request goes to server B, it will be transparent to application code and end user.
Assume you have both domains as virtual servers on one machine and you havent called session_save_path() (or you have called it with the same directory on both servers), you can share sesssion using session_id('..'); For example if you have 2 domains, origin1.
Two options from the top of my head that you can explore:
Set all servers the same path for saving its session data, see session.save_path directive. That location could be a NFS share or a NAS location that all your servers could access.
The other option is to implement a database session handler, so the session data could be shared among all your servers accessing the same database server. So take a look at PHP docs for custom session handlers.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With