[Tallahassee-pm] An interesting problem.
Phillip Tyre
phillip.tyre at fcul.com
Mon Jul 7 14:30:34 CDT 2003
My solution would be to use the token method, but to have the token be a
randomly generated ID, which gets stored in a (mysql|postgresql|other) sql
database, accessible from both the PHP and the ASP servers. Then scripts on
both sides would check for the token to be in a cookie or require login if
the token is missing (the cookie domain would have to be set to cover all
servers in your domain for this to work. Alternatively, using URL rewriting
would work)
The database would store the IDs of authenticated users (and the time of
authentication). A periodic purge of the system would be necessary to
remove old records that had timed-out.
Let me know if this approach interests you and I'll explain more.
jpt
Ah, then you get into the issue of the ASP_server talking to my MYSql server across the internet, and I'm not 100% sure that is something I'd want it to be doing! After all, while I like the guys that run the Asp_server.... I don't TRUST them ;)
More information about the Tallahassee-pm
mailing list