Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By vacilando on
Hi,
I wonder whether anybody knows a module or has any experience in possibilities of using Drupal's authentication for another website.
Basically, I need to assure that people who successfully log in to Drupal installation then automatically are permitted access to another website (non-Drupal, just php, and on a different domain).
I surely cannot read Drupal's cookie from the other domain, but I could access the sessions records in the database. Would that be the preferred approach to this problem?
At the other website all I need from Drupal is to check that it is a valid user, set some ID somewhere, and as long as the ID is there, the other website will not ask for authentication.
Thanks for any ideas!!
Tomas / Vacilando
Comments
Easy--but you have to write some code
Create a callback on your drupal...something like /checklogin?redir=http://www.slashdot.org
checklogin reads drupal session var, and checks to see if the user is logged.
check login, then creates a hash of the username. it then redirects to the url passed via redir, and attaches the username and the has. On the remote site, you check the hash and set a session var to the username.
Should work.
Yeah, that's quick-and-dirty, but would work OK. Much easier than trying to talk to Drupal guts!
I'd suggest adding the request IP to the hash, otherwise the redirect is too easily bookmarkable/spoofable. Still not perfect, but n2 more secure.
.dan.
How to troubleshoot Drupal | http://www.coders.co.nz/
.dan. is the New Zealand Drupal Developer working on Government Web Standards
Similar Issue
I have a similar issue, I also want to use the Drupal authentication to grant access to a non drupal site. I am hosting this other little web app in the same server as drupal, i created it using CakePHP. Any suggestions as to how I can accomplish this??? Thanks everyone!
something similar
I'm looking to do something similar.
I have come across these projects which might be of some help.
Perhaps not by using the actual modules themselves, but by taking a look at how they work.
http://drupal.org/project/httpauth
http://drupal.org/project/securesite
http://www.webschuur.com/publications/blogs/2007-02-17-howto_turn_drupal...
Will look into it
Thanks for the links, I will dig in and post my findings.