[drupal-devel] login once for multiple sites
allie at pajunas.com
Sun Apr 24 03:02:54 UTC 2005
This would be exceedingly useful for us as well. But you don't want to
rely on PHPSESSID because (hopefully) the various sites do not have
access to the same session info. Additionally, a site can't set a
cookie for another domain. You can set a cookie that works on various
subdomains ( a.drupal.org, b.drupal.org, etc.) but that's nowhere near
One way to do this is to query a central site for logged-in status:
- A user preference on each site includes a "log me into the network"
option. This sets a persistent cookie on the user's machine that
represents some kind of universal id for them.
- Upon successful authentication on a network site, the logged-in
status is reported to the central server for that universal id.
- When a user attempts to authenticate, check for the presence of that
cookie. If it exists, query the central server to see if that id has
been logged in somewhere else
- During subsequent hits and/or login status changes, the central site
is notified of the users' status.
This has usability issues, which would have to be identified and
It sounds shockingly insecure, but can be made "good enough" through
the use of SSL, session cookies, secure hash and shared secrets among
the network sites.
The persistent cookie is a definite problem for multi-user systems.
Off the top of my head, I don't know a way around it.
>> I think it would be a good idea to provide administrators who use one
>> Drupal installation for multiple sites and share users and sessions
>> those sites (via $db_prefix) with a new option that would let users
>> log into one of the sites to be automatically logged into some or all
>> the other companion sites.
>> I'm envisioning this working by adjusting user_login() function in
>> user.module. Once a login is successful, have the function send out
>> PHPSESSID cookies for the desired sites, each containing the same
>> Your thoughts?
> I've been thinking about implementing this feature. But there is always
> this lack of time...
pajunas interactive, inc.
scalable web hosting and open source solutions
More information about the drupal-devel