Avatar of Jazzy 1012
Jazzy 1012
 asked on

Login in to one site, automatically logs in me to another

I have this a main site that logins users to their profiles, How can I make it that if a user is logged in into the main site, then they are automatically logged in to the secondary site (whole other site & server). Do I have to use file get contents?
PHP

Avatar of undefined
Last Comment
Julian Hansen

8/22/2022 - Mon
David Favor

How you do this relates specifically to how your session management is handled.

If this is your first time doing this, likely good for you to research various ways WordPress does this + extract whatever code seems like it can be modified for your specific session management approach.

Likely GitHub will be a good starting point.

There is no single answer for this, as there are many factors to consider.

Also, if you're running multiple site instances/copies, then be sure to look at how WordPress handles multi-instance, session management.
Julian Hansen

This depends on what you have access to in terms of the servers in question.

The latest trend for solving this problem is to use JWT (JSON Web Tokens). With JWT authorisation you can do third party authentication.

When you authenticate with your primary server the server generates a JWT - this is stored in localStorage on the client. With each request to the server the token is added to the header of the request - where it is retrieved on the server side and validated.

When you need to authenticate to a third party you still include the token in the header - the second server can then authenticate the token locally or make an API request back to the primary server to validate the token.

More on JWT's here https://jwt.io/
Jazzy 1012

ASKER
Is there a way to do it with file_get_contents, and I send the email and password to the other url
Your help has saved me hundreds of hours of internet surfing.
fblack61
David Favor

This all depends on your session management.

With WordPress, how this is done is all clearly defined.

With custom code, only the developer knows the code they've written, so the developer will be the person to answer this question.

Likely this will include both ends - initial site where login occurs + then other sites.

You might be able to accomplish this via URLs + again this depends on code involved.

When clients ask me about this type of infrastructure, I tell them to use WordPress + write their code as plugins, to leverage WordPress session management... because... session management is a bear to get working correctly in all situations.
Jazzy 1012

ASKER
I have this so far:
<?php 
session_start();
require "new_connection.php";

$email = $_SESSION['email'];
$user_id = $_SESSION['id'];
file_get_contents("http://blog.jasmine.com/?e=$email");
if($_SESSION['send_to'] == 1)
{
		header("Location: ../profile");
		exit();
}else{
	
	header("Location: ../deliveries");
	exit();	
}

?>

Open in new window

But its not sending to blog.jasmine anything because if I do it from the url in my browser to see if the blog site is accepting it does, but when I do it through here, it does not.
Julian Hansen

You need to understand how sessions work - you cannot share them between two servers.

When you start a session a cookie with a session_id is linked to your client. To establish a session on another server would require creating the session there and then having that site put a cookie on the client.

The only way to do this reliably is with a shared token that both sites can validate and that is included in all requests from client.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Jazzy 1012

ASKER
Yes I did that the other site to accept the session when the url is for example:
http://blog.jasmine.com/?e=test@mail.com

It works but im having troubling sending it, my file_get_contents is not sending that url to the browser.
Julian Hansen

my file_get_contents is not sending that url to the browser.
file_get_contents reads in a file - it does not have anything to do with the browser.

If it was possible to pass a session across in a URL every single site on the net would be compromised.

The only way to share sessions is for both servers to char a token that is not cookie based as cookies are bound to domain and protocol.
Jazzy 1012

ASKER
there isnt a way to trigger a url (go to it without actually going to it)?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
David Favor

Read my previous update.

Whether you can trigger this with a URL request or not depends heavily on how session handling code is implemented for each site.

Engage developers which wrote code for each site involved to determine if this will work or not.
Julian Hansen

there isnt a way to trigger a url (go to it without actually going to it)?
This does not make sense. How do you knock on a door without knocking on it.

To establish a session with another computer you need either to visit and authenticate with that server or used a token based security protocol.
Jazzy 1012

ASKER
The other server of the other site, accepts the session, I wrote a code for it to accept the session given in the URL. I just need a way to pass it when the user clicks the button
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Julian Hansen

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Jazzy 1012

ASKER
Thanks for clearing everything up!
Julian Hansen

You are welcome.