Cross domain login - what to store in the database?

Posted by Jenkz on Stack Overflow
Published on 2010-03-24T17:39:43Z Indexed on 2010/03/24 17:43 UTC

I'm working on a system which will allow me to log in to the same system via various domains (www.example.com, www.mydomain.com, sub.domain.com, etc.).

The following threads form the basis of my research so far:
Single Sign On across multiple domains
Cross web domain login with .net membership

What I want to happen is that if I am logged in on the master domain and I visit a page on a client domain, I am automatically logged in on the client.

Obviously, if I am not logged in on the master, I will need to enter my username and password.

Walkthrough:
1. User logs in on master site
2. User navigates to client site
3. Client site redirects to master site to see if User is logged in.
4. If User is logged in on master, record an RFC 4122 token ID and send this back to the client site.
5. Client site then looks up the token ID in the central database and logs this user in.

This might eventually end up running on more than one instance of PHP and Apache, so I can't just store:

token_id, php_session_id, created

Is there any problem with me storing and using this:

token_id, username, hashed_password, created

Which is deleted on use, or automatically after x seconds.
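
Steps 4 and 5 of the walkthrough, with delete on use and expiry after x seconds, as an added example that is not part of the original post. The table name `sso_token`, the function names, the 30-second lifetime and the in-memory SQLite database are assumptions; the row holds only `token_id`, `username` and `created`, on the assumption that the client site needs just the user's identity.

```php
<?php
// Added example, not code from the original post; all names are hypothetical.
declare(strict_types=1);
const TOKEN_TTL = 30; // the "x seconds" from the post; 30 is an assumed value

function openStore(): PDO {
    // In-memory SQLite stands in for the central database shared by all PHP instances.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sso_token (token_id TEXT PRIMARY KEY,
        username TEXT NOT NULL, created INTEGER NOT NULL)');
    return $db;
}

// Step 4: the master site records a random RFC 4122 version 4 token for the logged-in user.
function issueToken(PDO $db, string $username, int $now): string {
    $b = random_bytes(16);                    // CSPRNG output, so the token is not guessable
    $b[6] = chr((ord($b[6]) & 0x0f) | 0x40);  // set version 4
    $b[8] = chr((ord($b[8]) & 0x3f) | 0x80);  // set the RFC 4122 variant
    $token = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($b), 4));
    $db->prepare('INSERT INTO sso_token (token_id, username, created) VALUES (?, ?, ?)')
       ->execute([$token, $username, $now]);
    return $token;
}

// Step 5: the client site redeems the token. Returns the username, or null when
// the token is unknown, already used, or older than TOKEN_TTL.
function redeemToken(PDO $db, string $token, int $now): ?string {
    $sel = $db->prepare('SELECT username, created FROM sso_token WHERE token_id = ?');
    $sel->execute([$token]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Delete on use. Only the request whose DELETE removes the row may log in,
    // so two instances racing on the same token cannot both succeed.
    $del = $db->prepare('DELETE FROM sso_token WHERE token_id = ?');
    $del->execute([$token]);
    if ($del->rowCount() !== 1 || $now - (int)$row['created'] > TOKEN_TTL) {
        return null;
    }
    return $row['username'];
}

$db = openStore();
$t = issueToken($db, 'alice', 1000);          // constructed user and timestamps
var_dump(redeemToken($db, $t, 1010));         // first use, inside the lifetime
var_dump(redeemToken($db, $t, 1011));         // replay of the same token
var_dump(redeemToken($db, issueToken($db, 'alice', 1000), 1031)); // used after expiry
```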

© Stack Overflow or respective owner