I have two php applications: one hosted on example.com and one on example.org. Both applications are indispensable, means when a user uses application of example.com, it will use example.org too because a part of application is at example.com and another part is at example.org. But there is a problem. When user is using example.com and need a function of example.org, he goes to example.org, by clicking a button from example.com (and vice-versa) but he needs to login again (that's the problem).
How to auto-login user on example.org, when he is sent to example.org from example.com (usernames&passwords are the same for a user on both domain).
I want to be very secure.
Thank you so much!
You have to pass a session from one site to another site in URL, also pass the encrypted md5 password using salt and on the another site make the same mechanism for decryption and than match that encrypted password to the one that you receive from the URL.