1

I have created two very different web applications using Yii. They both share the same database and they both use the same tables to log in. Both web applications have a link towards each other. What I'm trying to achieve is if a user happens to login to any of the apps (let's say app 1), they can transfer from app 1 to app 2 without having to login and vice versa.

I looked for session initiation and I researched that it should be found in UserIdentity.php but when I checked, there were no sessions being initiated at all. I'm not going to post code for now since the codes are working fine, it's just that I need to know how to make the user experience more flowing.

remedy.
  • 2,032
  • 3
  • 25
  • 48
  • I'm not familiar with YII but I think that it probably uses a unique string within the session for each site, and probably also sets/matches for a unique cookie that it uses to determine which site the user is logged into. – Armin Feb 06 '14 at 08:57

2 Answers2

0

If the applications are on the same server, you can follow this article. Basiclly you have to set the same (cookie) for both applications, and set a session path. You can also save the sessions to a database table (See Larry Ullman's article on this) as an alternative.

Michiel
  • 2,143
  • 1
  • 21
  • 21
  • The first article was exactly what I needed, and it steered me towards the right direction, but now I'm facing a whole set of problems. I've asked a new question that covers it. – remedy. Feb 06 '14 at 12:45
0

First thing to consider is that you have to make your session cookies available for both domains:

1) If your applications are on subdomains you can make it avaliable like this before starting to session_start():

    session_set_cookie_params(0,'/','.yourdomain.com');

And your session data is available under all subdomains. Easy huh

2) If your applications are on different domains there is a good article for that

Building and implementing a Single Sign-On solution
secure-and-flexible-cross-domain-sessions

Also make sure that you read about session and cookie security and implement them

Community
  • 1
  • 1
  • According to #1. Would this mean that I have to add a condition to EVERY page that I have to make sure it's within a session? I'm using Yii framework by the way. – remedy. Feb 06 '14 at 11:15
  • @user3278616 I haven't used Yii framework, but yes you need to check the session where you need it –  Feb 06 '14 at 14:30