Single sign on using cookie php
I am thinking what is the best possible solution on how to do it. We have a website (www.xyz.com) and a forum website[MyyBB forum] (www.community.xyz.com). Is it possible to make a SSO login using cookie. When I logged in to the main site I don't need to login to the community (vise versa). I have sample code here that enable the user get the email after logging in.(not secure)
$u_email = $_SESSION['user_email']; setcookie('user_email',$u_email,time() + (86400)); $the_email = ($_COOKIE['user_email']);
I have to get the email of the user because it is identical to both database. Then when email matched to the same database, force the user to automatically log in to the other website when he/she visit it. When user log out, it will expire the cookie.
I am new to this, using cookie. Any suggestions or ideas?
You don't need to use single sign-on between a subdomain and the root domain. Just set the domain parameter in setcookie() to xyz.com and you're done.
But if they're on separate domain names (say, xyz.com and abc.com), then you have to choose between getting inventive or implementing the standards (e.g. OAuth2).
For OAuth2, you can't probably go wrong with an existing OAuth2 library, such as this one by the League of Extraordinary PHP Packages.