authentication system. php

we have main server and sub-servers. and we can consider these sub server as separate applications. when user want to login at their application, the au开发者_JS百科thentication must be perform at main server and it should return true or false. then user session is created at application side. my problem is, just sending true or false is not safe. i want to generate token like how facebook does. I am not getting how to develop secured authentication system. pls can any one help me

You do not have to develop your own system. Take a look at http://php.net/manual/en/book.oauth.php and search for some oauth tutorials. oauth is a token based system used by many webservices including the services provided by google.

I recommend using a CAS server if you need to authenticate in one place to use a service in another, especially if you have several applications that need to authenticate from it. You can learn about it here: http://www.jasig.org/cas