Login in to one site, automatically logs in me to another

I have this a main site that logins users to their profiles, How can I make it that if a user is logged in into the main site, then they are automatically logged in to the secondary site (whole other site & server). Do I have to use file get contents?
Jazzy 1012Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
How you do this relates specifically to how your session management is handled.

If this is your first time doing this, likely good for you to research various ways WordPress does this + extract whatever code seems like it can be modified for your specific session management approach.

Likely GitHub will be a good starting point.

There is no single answer for this, as there are many factors to consider.

Also, if you're running multiple site instances/copies, then be sure to look at how WordPress handles multi-instance, session management.
Julian HansenCommented:
This depends on what you have access to in terms of the servers in question.

The latest trend for solving this problem is to use JWT (JSON Web Tokens). With JWT authorisation you can do third party authentication.

When you authenticate with your primary server the server generates a JWT - this is stored in localStorage on the client. With each request to the server the token is added to the header of the request - where it is retrieved on the server side and validated.

When you need to authenticate to a third party you still include the token in the header - the second server can then authenticate the token locally or make an API request back to the primary server to validate the token.

More on JWT's here https://jwt.io/
Jazzy 1012Author Commented:
Is there a way to do it with file_get_contents, and I send the email and password to the other url
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
This all depends on your session management.

With WordPress, how this is done is all clearly defined.

With custom code, only the developer knows the code they've written, so the developer will be the person to answer this question.

Likely this will include both ends - initial site where login occurs + then other sites.

You might be able to accomplish this via URLs + again this depends on code involved.

When clients ask me about this type of infrastructure, I tell them to use WordPress + write their code as plugins, to leverage WordPress session management... because... session management is a bear to get working correctly in all situations.
Jazzy 1012Author Commented:
I have this so far:
require "new_connection.php";

$email = $_SESSION['email'];
$user_id = $_SESSION['id'];
if($_SESSION['send_to'] == 1)
		header("Location: ../profile");
	header("Location: ../deliveries");


Open in new window

But its not sending to blog.jasmine anything because if I do it from the url in my browser to see if the blog site is accepting it does, but when I do it through here, it does not.
Julian HansenCommented:
You need to understand how sessions work - you cannot share them between two servers.

When you start a session a cookie with a session_id is linked to your client. To establish a session on another server would require creating the session there and then having that site put a cookie on the client.

The only way to do this reliably is with a shared token that both sites can validate and that is included in all requests from client.
Jazzy 1012Author Commented:
Yes I did that the other site to accept the session when the url is for example:

It works but im having troubling sending it, my file_get_contents is not sending that url to the browser.
Julian HansenCommented:
my file_get_contents is not sending that url to the browser.
file_get_contents reads in a file - it does not have anything to do with the browser.

If it was possible to pass a session across in a URL every single site on the net would be compromised.

The only way to share sessions is for both servers to char a token that is not cookie based as cookies are bound to domain and protocol.
Jazzy 1012Author Commented:
there isnt a way to trigger a url (go to it without actually going to it)?
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Read my previous update.

Whether you can trigger this with a URL request or not depends heavily on how session handling code is implemented for each site.

Engage developers which wrote code for each site involved to determine if this will work or not.
Julian HansenCommented:
there isnt a way to trigger a url (go to it without actually going to it)?
This does not make sense. How do you knock on a door without knocking on it.

To establish a session with another computer you need either to visit and authenticate with that server or used a token based security protocol.
Jazzy 1012Author Commented:
The other server of the other site, accepts the session, I wrote a code for it to accept the session given in the URL. I just need a way to pass it when the user clicks the button
Julian HansenCommented:
The session is stored in a file on the local system. Are you saying you want to get the session file and send it to another server?

I still don't know why you want to do it this way.

Take a look at Auth0.com - it provides a service for exactly this setup - token based authentication allowing for Single Sign On.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
If you wrote the code to access a session via URL parameter, then your entire question seems confusing.

If you wrote the code to accept a URL based session, then just pass the session in the URL, based on what your code expects.

Be sure all sites accepting URL bases sessions are SSL wrapped, else anyone will have access to your site.
Jazzy 1012Author Commented:
Thanks for clearing everything up!
Julian HansenCommented:
You are welcome.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.