Behzad wrote: > Dear list, > > i'm trying to integrate two php-driven web applications, which both > require the user to authenticate using a username and a password. > > Consider a situation where the user has logged-in to the 1st application. > She > clicks over a hyper-link, which directs her to the 2nd application. The > challenge > is to automatically authenticate the user on the 2nd application as well. > > i'm wondering how? > Is it secure to store the username and password in the $_SESSION, and > share the session between the two applications? > > Please let me know what do you think. > > Thank you in advance, > -behzad >
Each application has a mechanism to tell whether the user is loggedin, and if so, who is loggedin. One of the most common is probably a uid or something saved in the session. If both apps are on the same domain and use the same session handler, then you just need to modify each apps login code to set the login stuff for the other app. Possibly create your own login code that sets the login for both apps. Either way, there's no need (and I wouldn't advise) to store the password in the session. If it's not too verbose you can post the login code for each. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
