#1
  1. Mmmm...Donkey punch...
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2004
    Location
    All up in your grill
    Posts
    981
    Rep Power
    42

    Maintaining a login across three servers.


    We have two major web applications that are each on a different server/location than our webpage.

    Each application requires a login, and we would like to figure out a way to securely cross between the two. URL passing is not an option because of the security risk is poses.

    Is there a way to maintain login info across servers? The next problem is that one application is written in EDIFY (I'm probably spelling that wrong, I've never touched the code) and another is written in .NET ASP. I do our webpage in HTML/PHP.

    Maintaining a Cookie is probably also going to be vetoed.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2004
    Posts
    128
    Rep Power
    10
    as far as I know, it's not a easy job to do this.

    if these apps are under the same domain name , maybe cookie is the simplest. if they are not, you may have to use the database to record login information and find a way to verify it.

    you may look into some existing products on the market, maybe you can find some

    I remember MS's Passport technology should be able to solve this, but that's too complex I think
  4. #3
  5. King of RGB
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Location
    brussels
    Posts
    398
    Rep Power
    11
    well, i could imagine this to be possible. Especially if you are a php man, like me

    1. grab visitor's ip address on site 1.
    Store ip adress with login/password and timestamp of login.
    2. on site 2:
    2.1: check visitor's $_SERVER['http_referer'], if it contains server1's dns value, to verify visitor comes from server1.
    2.2: If it does, grab its ip address.
    2.3: query server1's database for that ip address. If ip exists, get timestamp value. If timestamp value Greater than [you decide how long ] show login form, else let him pass through.

    this is just an idea, never tried it. Except the 2.1 step, which works fine.
    http://www.pixeline.be
    ........................................

IMN logo majestic logo threadwatch logo seochat tools logo