sharing session between different application platforms

I have a scenario and would like your opinion on it.

I have different web applications developed in Django, Rails and PHP, and I want all of them to share the same session data every time. That means if a user is logged in to a PHP app, they are automatically logged in to the Rails app, and vice versa.

I know it's some kind of Central Authentication Server. Some of these are CAS and JOSSO.

What is your opinion on it? I want behavior like Google Apps: when I am logged into Gmail, I am automatically logged into Google Docs as well.

Please share your thoughts on how to implement this scenario.


Google runs entirely off the .google.com domain, which is why they have absolutely no problem using a single cookie to identify you across applications. If your applications all run on the same domain, I'd say go ahead and write a custom implementation to authorize users with a shared session cookie.

However, in the more likely event that this is not the case, you're better off implementing one of the more popular and widespread SSO methodologies like OAuth or OpenID separately in your applications and either giving your users a centralized application at which to authenticate, or letting them authenticate via external providers (like Facebook or Google, which supports authenticating via OpenID).

You can run your own OAuth or OpenID endpoint at which your users register and then auth via this endpoint on any of your applications.


In PHP, you can use session_set_save_handler to specify how the session is persisted and restored. I guess Django and Ruby on Rails provide similar means.


Just store the sessions in the DB or handle them yourself completely.

The best approach would be to create a special table for this. Watch out, as PHP wants to store this data serialized, so unserialize before storing in the appropriate field, as serialized data is too hard to handle.

In PHP you have $_SESSION and session_set_save_handler(), but I think it is better for you to make it yourself.

Make sure all sites use a single cookie domain (AJAX onload (to try getting this cookie), or keep the same domain).
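
Added example (not part of the original answers): a Python sketch of the shared session table and parent-domain cookie the answers above describe, with session data stored as JSON so that Django, Rails and PHP can all read it. The cookie name, the domain example.com, the table layout, the TTL and the choice to store only a SHA-256 hash of the session ID are assumptions made for illustration.

```python
import hashlib
import json
import secrets
import sqlite3
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "shared_sid"     # assumed cookie name
COOKIE_DOMAIN = "example.com"  # assumed parent domain shared by all apps
TTL = 1800                     # assumed session lifetime in seconds

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sessions (sid_hash TEXT PRIMARY KEY, "
               "data TEXT NOT NULL, expires REAL NOT NULL)")
    return db

def _sid_hash(sid):
    # Only a hash is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(sid.encode()).hexdigest()

def create_session(db, data, now=None):
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # unguessable ID from the OS CSPRNG
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (_sid_hash(sid), json.dumps(data), now + TTL))
    db.commit()
    return sid

def load_session(db, sid, now=None):
    now = time.time() if now is None else now
    row = db.execute("SELECT data, expires FROM sessions WHERE sid_hash = ?",
                     (_sid_hash(sid),)).fetchone()
    if row is None or row[1] <= now:  # unknown or expired session
        return None
    return json.loads(row[0])  # plain JSON, no language-specific unserialize

def destroy_session(db, sid):
    db.execute("DELETE FROM sessions WHERE sid_hash = ?", (_sid_hash(sid),))
    db.commit()

def session_cookie(sid):
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    m = cookie[COOKIE_NAME]
    m["domain"], m["path"], m["max-age"] = COOKIE_DOMAIN, "/", TTL
    m["secure"], m["httponly"], m["samesite"] = True, True, "Lax"
    return m.OutputString()  # value for a Set-Cookie header
```

Each application would run the same lookup against the shared table on every request and delete the row on logout, so that logging out of one application ends the session in all of them.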


In my apps I use SESSION to store a value for the logged-in user. For example $_SESSION['site1']['backend']['loggedin']=1; Then put a session check in other places. They of course are all under the same domain.tld. If you use the above example $_SESSION['site1']['backend']['loggedin']=1; you will need a lot of checks if you have many sections. But this is only an opinion, there is a place for much more flexibility.

You can use cookies too.
