Link to home
Start Free TrialLog in
Avatar of Jazzy 1012
Jazzy 1012

asked on

Login in to one site, automatically logs in me to another

I have this a main site that logins users to their profiles, How can I make it that if a user is logged in into the main site, then they are automatically logged in to the secondary site (whole other site & server). Do I have to use file get contents?
Avatar of David Favor
David Favor
Flag of United States of America image

How you do this relates specifically to how your session management is handled.

If this is your first time doing this, likely good for you to research various ways WordPress does this + extract whatever code seems like it can be modified for your specific session management approach.

Likely GitHub will be a good starting point.

There is no single answer for this, as there are many factors to consider.

Also, if you're running multiple site instances/copies, then be sure to look at how WordPress handles multi-instance, session management.
This depends on what you have access to in terms of the servers in question.

The latest trend for solving this problem is to use JWT (JSON Web Tokens). With JWT authorisation you can do third party authentication.

When you authenticate with your primary server the server generates a JWT - this is stored in localStorage on the client. With each request to the server the token is added to the header of the request - where it is retrieved on the server side and validated.

When you need to authenticate to a third party you still include the token in the header - the second server can then authenticate the token locally or make an API request back to the primary server to validate the token.

More on JWT's here https://jwt.io/
Avatar of Jazzy 1012
Jazzy 1012

ASKER

Is there a way to do it with file_get_contents, and I send the email and password to the other url
This all depends on your session management.

With WordPress, how this is done is all clearly defined.

With custom code, only the developer knows the code they've written, so the developer will be the person to answer this question.

Likely this will include both ends - initial site where login occurs + then other sites.

You might be able to accomplish this via URLs + again this depends on code involved.

When clients ask me about this type of infrastructure, I tell them to use WordPress + write their code as plugins, to leverage WordPress session management... because... session management is a bear to get working correctly in all situations.
I have this so far:
<?php 
session_start();
require "new_connection.php";

$email = $_SESSION['email'];
$user_id = $_SESSION['id'];
file_get_contents("http://blog.jasmine.com/?e=$email");
if($_SESSION['send_to'] == 1)
{
		header("Location: ../profile");
		exit();
}else{
	
	header("Location: ../deliveries");
	exit();	
}

?>

Open in new window

But its not sending to blog.jasmine anything because if I do it from the url in my browser to see if the blog site is accepting it does, but when I do it through here, it does not.
You need to understand how sessions work - you cannot share them between two servers.

When you start a session a cookie with a session_id is linked to your client. To establish a session on another server would require creating the session there and then having that site put a cookie on the client.

The only way to do this reliably is with a shared token that both sites can validate and that is included in all requests from client.
Yes I did that the other site to accept the session when the url is for example:
http://blog.jasmine.com/?e=test@mail.com

It works but im having troubling sending it, my file_get_contents is not sending that url to the browser.
my file_get_contents is not sending that url to the browser.
file_get_contents reads in a file - it does not have anything to do with the browser.

If it was possible to pass a session across in a URL every single site on the net would be compromised.

The only way to share sessions is for both servers to char a token that is not cookie based as cookies are bound to domain and protocol.
there isnt a way to trigger a url (go to it without actually going to it)?
Read my previous update.

Whether you can trigger this with a URL request or not depends heavily on how session handling code is implemented for each site.

Engage developers which wrote code for each site involved to determine if this will work or not.
there isnt a way to trigger a url (go to it without actually going to it)?
This does not make sense. How do you knock on a door without knocking on it.

To establish a session with another computer you need either to visit and authenticate with that server or used a token based security protocol.
The other server of the other site, accepts the session, I wrote a code for it to accept the session given in the URL. I just need a way to pass it when the user clicks the button
ASKER CERTIFIED SOLUTION
Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks for clearing everything up!
You are welcome.