Just a small snipped I’d like to share with you to create a Single-Sign-On for multiple applications, who do not operate on the same (V)Server/Subdomain and/or don’t share their session. It’s also possible, that they operate under different programming languages.

So you can have a user log-in to Application “A” on Server 1 and redirect that user via a link/pop-up to another Application “B” without requireing the user to login again.

It uses a database-server to store login-sessions with a secure and random token-hash, the IP address and an expire-date. Since a database-connection can established from anywhere via TCP, you can use it as well for different physical servers.

Read the rest of this entry »

Bookmark to: