Single Sign On

**This is a duplicated post -- I posted in the development forum also, as I wasn't really sure where to find an answer....**
Okay, I've been asked to take two systems and create one single sign on application to authenticate to both. I've got one system with PHP/MySQL and the other with ColdFusion/Microsoft SQL. Currently, both are accessed by typing in IP addresses rather than domain names. I'm not sure that I can set up a domain name for them, given the environment.
Currently, each system has its own login and authenticates to its own database. I was originally hoping to be able to get this down to just one database, but others involved are fighting this option. So what I was thinking is this...
I'll have a login page which will create a cookie on the system with an expiration date/time, the username, and a randomly created session code. When a user logs in, the session code will be generated by the primary system, and written to a current login table in the primary database. Then, when a user tries to access a secured page, the system will check for the cookie, grab the user name and session code, and check to see if it exists in the database. If it's valid in the db, they are granted access. If not, they are denied and forced to login again. This is okay, I think, as long as they are authenticating to only 1 IP/domain.
Does anyone have any experience with having to create/implement SSO? Any suggestions for improvement in this area? Web development really isn't my area, but nonetheless, I've been asked to make this work. So I'm giving it a try.....
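The cookie and login-table check described in the post, sketched as an added example (not the poster's code). It assumes a shared table named `current_login`, stood in for here by an in-memory SQLite database, a 30-minute lifetime, and hypothetical function names; the expiry is enforced from the table rather than from the cookie, and only a hash of the session code is stored.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

SESSION_TTL = 1800  # seconds; assumed lifetime, not a value from the post

def open_store():
    # Stand-in for the primary database's "current login" table (name assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE current_login ("
               "username TEXT NOT NULL, code_hash TEXT PRIMARY KEY, "
               "expires_at INTEGER NOT NULL)")
    return db

def _digest(code):
    # Store only a hash, so a read of the table does not expose live codes.
    return hashlib.sha256(code.encode()).hexdigest()

def login(db, username, now=None):
    """Call only after the password check passed. Returns the cookie value."""
    now = int(time.time()) if now is None else now
    code = secrets.token_urlsafe(32)  # CSPRNG, 256 bits of randomness
    db.execute("INSERT INTO current_login VALUES (?, ?, ?)",
               (username, _digest(code), now + SESSION_TTL))
    db.commit()
    return f"{username}:{code}"

def check(db, cookie, now=None):
    """Return the username if the cookie matches a live row, else None."""
    now = int(time.time()) if now is None else now
    username, sep, code = cookie.rpartition(":")
    if not sep or not username or not code:
        return None
    row = db.execute("SELECT username, expires_at FROM current_login "
                     "WHERE code_hash = ?", (_digest(code),)).fetchone()
    # Expiry comes from the server-side row; any date in the cookie is ignored.
    if row is None or row[1] <= now:
        return None
    # The code must belong to the username the cookie claims.
    if not hmac.compare_digest(row[0].encode(), username.encode()):
        return None
    return row[0]

def logout(db, cookie):
    # Deleting the row invalidates the cookie on every system that checks it.
    db.execute("DELETE FROM current_login WHERE code_hash = ?",
               (_digest(cookie.rpartition(":")[2]),))
    db.commit()
```

Both applications would run the equivalent of `check` against the same table; the cookie should also be set with the `Secure` and `HttpOnly` attributes.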