Exchange sessions between different application platforms

I had a script and I want you to be human.

I have different web applications developed in Django, Rails, PHP. I want all of them to report the same session data every time. If the application is used in a PHP application, it can automatically register with the Rails application and vice versa.

I know my Central Authentication Server. Some of them are cas, josso.

Does anyone have an opinion on this? I want behavior like Google Apps: when I log in to Gmail, I can automatically log in to GoogleDocs.

Share your thoughts on how to implement this scenario?

+4
4 answers

Google fully works with the .google.com domain, so they have absolutely no problem using a single cookie to identify you across all applications. If your applications all work in the same domain, I would say go ahead and create your own version to authorize users with a shared session cookie.

However, in the more likely case, if this is not the case, you are better off implementing one of the most popular and widespread single sign-on methodologies, for example OAuth or OpenID, separately in your applications and providing your users with a centralized authentication application or allowing them to authenticate through external providers (e.g. Facebook or Google, which supports authentication via OpenID).

You can run your own OAuth or OpenID endpoint at which your users register and then log in through that endpoint in any of your applications.

+2

In PHP, you can use `session_set_save_handler` to indicate how the session is persisted and restored. I think Django and Ruby on Rails provide similar tools.

0

Just save sessions in db or manually completely.

The best approach would be to create a special table for this. Watch how PHP wants to save this serialized data, so unserialize before saving in the corresponding field, since serialized data is too complicated to process.

In PHP you have `$_SESSION` and `session_set_save_handler()`, but I think you better do it yourself.

Make sure that all sites use the same cookie domain (ajax onload (to try to get this cookie) or keep the same domain).

0
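The shared-cookie and shared-table ideas from the answers above, combined in one sketch. This is an added example, not code from any of the answers: the cookie name `sso_sid`, the domain `.example.com`, the table `shared_sessions` and the one-hour lifetime are all assumptions, and SQLite stands in for whatever database the Django, Rails and PHP applications can all reach. The session payload is stored as JSON so no application has to parse another platform's native serialization format.

```python
import json, secrets, sqlite3, time

COOKIE_NAME = "sso_sid"          # assumed cookie name
COOKIE_DOMAIN = ".example.com"   # assumed shared parent domain
TTL = 3600                       # assumed session lifetime in seconds

def open_store(path=":memory:"):
    """Shared table that every application (Django, Rails, PHP) reads and writes."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS shared_sessions ("
               "sid TEXT PRIMARY KEY, data TEXT NOT NULL, expires INTEGER NOT NULL)")
    return db

def create_session(db, data, now=None):
    """Store data as JSON (not PHP serialize, pickle or Marshal) under a random id."""
    now = int(time.time()) if now is None else now
    sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO shared_sessions VALUES (?, ?, ?)",
               (sid, json.dumps(data), now + TTL))
    db.commit()
    return sid

def set_cookie_header(sid):
    """Cookie scoped to the parent domain so each subdomain application receives it."""
    return (f"Set-Cookie: {COOKIE_NAME}={sid}; Domain={COOKIE_DOMAIN}; Path=/; "
            f"Max-Age={TTL}; Secure; HttpOnly; SameSite=Lax")

def load_session(db, cookie_header, now=None):
    """Parse a Cookie request header; return the session data or None."""
    now = int(time.time()) if now is None else now
    cookies = dict(p.strip().split("=", 1) for p in cookie_header.split(";") if "=" in p)
    sid = cookies.get(COOKIE_NAME)
    if not sid:
        return None
    row = db.execute("SELECT data, expires FROM shared_sessions WHERE sid = ?",
                     (sid,)).fetchone()   # parameterized: sid is client-controlled
    if row is None or row[1] <= now:
        destroy_session(db, sid)          # unknown or expired: purge and reject
        return None
    return json.loads(row[0])

def destroy_session(db, sid):
    """Logging out in one application ends the session for all of them."""
    db.execute("DELETE FROM shared_sessions WHERE sid = ?", (sid,))
    db.commit()
```

The cookie carries only the random identifier; login state lives server-side in the shared table, so a client cannot edit it and every application enforces the same expiry.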

In my applications, I use SESSION to store the value of the registered user. For example `$_SESSION['site1']['bakcend']['loggedin']=1;`. Then run a session check in other places. They are, of course, all the same domain.tld. If you use the example above, `$_SESSION['site1']['bakcend']['loggedin']=1;`, you need a lot of checks if you have many sections. But this is only an opinion, there is a place for more flexibility.

You can also use cookies.

-2