I need to integrate vBulletin 4.0.3 Publishing Suite with status.net microblogging platform. The first thing I need to do is make these 2 to share 1 session so a user logged in vBulletin forums will also be logged in to status.net and vice versa.

I have installed different vBulletin components under different subdomains:

  1. forums.sample.com - vBulletin forums
  2. blogs.sample.com - vBulletin blogs
  3. sample.com - vBulletin content management

All of these point to the same place (.../public_html/index.php) which includes the respective php file (content.php for sample.com | blog.php for blogs.sample.com | forum.php for forums.sample.com) depending on the $_SERVER['HTTP_HOST']

I have configured vBulletin to use a single cookie.domain (.sample.com) for all of these 3 domains so visiting different domains doesn't break the session.

I also have status.sample.com, which is the subdomain where status.net is installed. The subdomain configuration is different so the document_root is actually a subfolder (.../public_html/status/) in sample.com

Now, can you please give me some pointers on how to make all these subdomains share a single session?

I'm not sure if it helps, but as I understand, status.net does no custom session handling by default, but it is possible to turn it on so it will start storing session data in a database table called "session". vBulletin stores sessions in the database by default.

Any tips will be appreciated.

Thank you.

Comments

Ok, here is more info - Statusnet: after simple login, there are no serialized objects in the data field. Notable data entries (besides session_id as primary key) are 'started', 'session_id', 'user_id' and 'session_token'. vBulletin: after simple login, there are no serialized objects in the data field. All entries are separated into fields. Notable fields are 'userid', 'sessionhash', 'idhash', 'loggedin', 'lastactivity' and 'location' Now how hard would it be to insert a row at login and update started/lastactivity in both databases provided userid's match at both ends?

Written by jaz

Accepted Answer

Even id they both share the session, it's useless to you. They would have to use the session the same way, meaning:

  • Store the same variables with the same keys (or each application put in session, apart from he data it needs, the data the other one needs).
  • Unless they use exactly the same data to perform the logins, they both would have to have access to username/definitions/whatever's stored in the session of the other application
  • If they stored objects, both would have to have access to the respective class definitions

So, unless you're building your own applications and think about it from the beginning, forget about "sharing sessions". Implement a single sign-on like CAS or OpenID instead.

Written by Artefacto
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki