0

I made a simple PHP login system to login remotely, but the SESSION won't store any data. Please look at the pseudo code below. Please note that mainserver and remoteserver are actually real web addresses. I just don't have enough reputation to post 2 links:

File: mainserver/login.php

$username = $_POST[ "username" ];
$userpassword = $_POST[ "password" ];

$result = check_logIn( $username, $password );
if ( $result ) {

    $_SESSION[ "is_loggedIn" ] = true;
    die ( true );

} else die( false );

File: remoteserver/remoteLogin.php

$http_query = http_build_query( array( 

        "username" => "Username goes here",
        "password" => "Password goes here"

) );


$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL,"mainserver/login.php");
curl_setopt( $ch, CURLOPT_COOKIEJAR, md5( rand() ) .".txt" );
curl_setopt( $ch, CURLOPT_POST, 1 );
curl_setopt( $ch, CURLOPT_POSTFIELDS, $http_query );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$output = curl_exec ( $ch );
curl_close( $ch );

Even when the mainserver returns true (after the login was done successfully), I visit the http://mainserver.com/ but the $_SESSION[ "is_loggedIn" ] is still not there; and technically, I'm still treated as a logged out person.

Is there anything missing that I should address?

timthekoder
  • 415
  • 5
  • 16
  • Did you use session_start()? (http://php.net/manual/en/function.session-start.php) – Anees Saban Jan 20 '17 at 22:54
  • Yes. I did. It's just the pseudo code. Everything was done and tested successfully when not receiving data from a remote site. – timthekoder Jan 20 '17 at 22:55
  • I see now what you mean, the problem is this: Like when you log in via chrome, you are not logged in in firefox. The same goes for your server running the script, the mainserver's session is linked to remoteserver and not you. Even if you share an IP or even a physical machine. – Anees Saban Jan 20 '17 at 23:03
  • @AneesSaban: So is there any way to get around it? Single Sign On is what I am aiming for. I would like to be able to log in 1 place and automatically log in to another place, if that is possible at all. – timthekoder Jan 20 '17 at 23:05
  • That is an entirely new question on its own like - http://stackoverflow.com/questions/44509/single-sign-on-across-multiple-domains For now I will post my above comment as an answer to this question. – Anees Saban Jan 20 '17 at 23:08

1 Answers1

0

Your problem is this: Like when you log in via chrome, you are not logged in in firefox. The same goes for your server running the script, the "mainserver"'s session is linked to "remoteserver"'s CURL request and not you or your browser. Even if you share an IP or physical machine.

To achieve SSO you can look at Single Sign On across multiple domains

Despite it being closed it has some useful answers.

Or try posting a more specific question that fits your (new) needs.

Community
  • 1
  • 1
Anees Saban
  • 607
  • 6
  • 11