Single Sign-On (2 Sites, Same Domain)
We are looking to provide single sign-on (SSO) across two web platforms on the same domain name. One platform is an e-commerce site based on Magento, the other is a social networking site based on Social Engine. We require SSO so that when a user is logged into one of the platforms, the user is automatically logged into the second platform (this should work regardless of which platform they are logged into first).
Since both are PHP application platforms, one possible solution is to use PHP session variables ($_SESSION['']) to store authentication information when a user logs into one of the platforms. Login "check" scripts should be created and placed in the headers of each platform's pages so that when a user goes to that page, the script can check whether there is authentication from the other platform and, if there is and it is confirmed to be valid, automatically log that user into the other platform. If this is not the best practice to accomplish the requirements, we are open to different routes of development.
This SSO project should also cover account creation on both platforms. When a user creates an account on Magento, that information should automatically be used to create a new account on Social Engine with the same information so that SSO can be leveraged immediately. This must work both ways, so that when a user creates an account on Social Engine, that information should be automatically used to create a new account with the same information on Magento. We presently use OpenID for Facebook and other social engine logins for both sites, so this also needs to work accordingly.
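The login "check" script described above has to confirm that authentication coming from the other platform is valid before logging the user in. One way to do that is an HMAC-signed, short-lived token in a cookie both platforms can read. This is an added sketch, not code from Magento or Social Engine; the cookie name sso_token, the claim names, the issuer labels and the secret are assumptions.

```php
<?php
// Added example: signed hand-off token issued by one platform at login and
// verified by the other platform's header check script.
const SSO_TTL = 300; // seconds a token stays valid (assumed value)

// Build "<base64 payload>.<hex HMAC>" for the user who just logged in.
function sso_issue(string $email, string $issuer, string $secret, int $now): string {
    $payload = base64_encode(json_encode([
        'sub' => strtolower($email), 'iss' => $issuer, 'exp' => $now + SSO_TTL,
    ]));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Return the account e-mail if the token is authentic, unexpired and from
// the expected platform; otherwise null. The MAC is checked before parsing.
function sso_verify(string $token, string $expectedIssuer, string $secret, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    // hash_equals compares in constant time, avoiding a timing side channel.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) return null;
    $json = base64_decode($payload, true);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims)) return null;
    if (($claims['iss'] ?? '') !== $expectedIssuer) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] < $now) return null;
    return is_string($claims['sub'] ?? null) ? $claims['sub'] : null;
}

// Hypothetical helper: hand the token to the browser for the shared domain.
function sso_send_cookie(string $token, int $now): void {
    setcookie('sso_token', $token, [
        'expires' => $now + SSO_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed demo values; a real secret belongs in config outside the web root.
$secret = 'constructed-demo-secret';
$now    = time();
$token  = sso_issue('Alice@example.com', 'magento', $secret, $now);

var_dump(sso_verify($token, 'magento', $secret, $now));        // genuine token
var_dump(sso_verify($token . '0', 'magento', $secret, $now));  // altered signature
var_dump(sso_verify($token, 'magento', $secret, $now + 301));  // past expiry
var_dump(sso_verify($token, 'socialengine', $secret, $now));   // wrong issuer
```

After a successful verify, the receiving platform should start its own native session for the matched account and regenerate the session ID, instead of trusting the cookie on every request.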