PHP Single Sign On (SSO) generating new session id
Posted
by bigstylee
on Stack Overflow
See other posts from Stack Overflow
or by bigstylee
Published on 2010-05-06T20:46:35Z
Indexed on
2010/05/06
21:28 UTC
Read the original article
Hit count: 321
I am trying to create a single sign on process. The method I have implemented makes use of storing session data in a database.
When a new user comes to the website (www.example2.com) a table of authentication is checked. As this is their first visit to the website, there will be no match.
The browser is redicted to the authentication server www.example1.com/authenticate.php?session_id=ABC123 where ABC123 represents the session id created on www.example2.com. THe session id which is then generated on www.example1.com is stored along side the session id using the parameter set in the URL.
The user is then redirected back to the www.example2.com and a match of session ids should be found.
This WAS working fine in FireFox but when I tried it in Chrome I noticed that the session id being generated when the browser is redirected back to www.example2.com is a new session id. As a result an infinite loop is created. This behaviour has not manifested itself in FireFox aswell.
What is causing the new session id to be generated? More importantly, what can I do to stop it?
Thanks in advance!
EDIT
I had a logically error that was causing an infinite loop. This now works fine again in FireFox but the infinite loop is still occuring in Chrome and Internet Explorer.
© Stack Overflow or respective owner