is it possible 2 sites having unique login system [duplicate]

This question already has answers here: Closed 10 years ago.

Possible Duplicate:

Single Sign On - how to implement?

I have 2 different web sites, one for promotion purposes and the other for selling the 开发者_如何学Pythonproducts using cs-cart.

How do i add the feature that will log a user into their cs-cart website when they log in to the promotion website?

---

This is a well known requirement called Single Sign On, and there's a few standards for implementing it. The basic concept is that one website (the identity consumer) can delegate user authentication requests to another website (the identity provider), rather than evaluating requests itself. In your case, one of your sites would be the provider while all your other affiliated sites would be the consumers.

The first standard is SAML, maintained by the OASIS standards group. SAML is open and massive, and most real world examples only implement a small subset of the entire SAML specification. Google has a SAML SSO integration and there's a pretty good PHP library called SimpleSAML that covers most of the desirable use cases.

Another standard that solves this problem is OpenID. I've never dealt with it, but a good example implementation is Stack Overflow itself.

There's also Facebook Connect that solve similar problems and relies on Facebook to be the identity provider.

This is a hot topic right now as specialized service providers seek to integrate their platforms with other providers. Good luck.

---

Create page site.old/superlogin.php that send user authorization cookie and redirect him to site.promo

After site.promo login redirect user to site.old/superlogin.php?token=userUniqueTokenToAuthIt (and it will be auth and redirected back)

---

You can easily if the sites work off the server so they can share the same database. You could use cookiese but I can't see a way where they could easily be changed and it not cause problems. How I would do it is have whenever they register/login it puts their IP in the database with the user information so that you can check the IP whenever they go to both sites.

---

You have site1 and site2.
User has logged in on site1.

1. When he visits site2 - browser is redirected to site1-authorization-page where it checks if the user is already logged in.
2. This script marks (in database of site2 or the same DB) user "logged_in_at_site2"=True (or something like that).
3. Browser is redirected to site2. (At this stage user is already marked as logged)

also a cookie for site2 must be created, to identify user after last redirection.

Good practice for you in understanding all this will be making login with social networks. (Facebook for example)

---

I have done that using Java, but also possible with PHP, you have an option of using cookies but that only works for same domain, also you can use third party solution (which I recommend) you can find Opensource solutions at

http://code.google.com/apis/apps/open_source_projects.html#sso

lemme know if you need help with that, Good Luck

---

Yes, only if this two sited share same database