Share session between two systems in Zend Framework v1

Question

I'm facing an issue that's beyond my Zend Framework knowledge, i hope you guys could help.

I have a old fully-functional system installed in my server (let's call it http://stable.server.com), which has a very old PHP version. I'm planning to upgrade my PHP version to the latest (and hopefully in a few months, to 7!) but my code uses a lot of deprecated functions and has some code that isn't valid for PHP 5.6 but it was for older versions. I've made a division of modules in order to migrate each module, test it and then upload it to a parallel server with the latest PHP version (let's call it http://updated.server.com). Of course each one has a different Zend installation, with the same version and configuration file.

Of course those modules has some communication between themselves, and I want to keep the change the most transparent for my users. So when I call from updated.server.com to stable.server.com and viceversa, my app asks me to login again. When I'm logged in the two systems, this communication goes straight, but I want to avoid the users to login again.

¿Any of you have made something like this? I'd like of course a secure way to avoid that login between systems, so nobody could mount a fake system and login from it.

Thank you all in advance.

Answer 1

I think you are looking at the two different problem.

1. Session is written on disk this information needs to be shared between two servers.
2. Cookie needs to be persistent through out the domain/subdomain.

for session sharing you can use mysql session storage. http://framework.zend.com/manual/1.12/en/zend.session.savehandler.dbtable.html http://framework.zend.com/manual/1.12/en/learning.multiuser.sessions.html https://github.com/sprain/PHP-MySQL-Session-Handler/blob/master/MySqlSessionHandler.php

you can google it there are so many solution out there.

2.Domain set cookie for subdomain

you can set your cookie to be ".server.com" then it will live through out of your all domains.

This is not simple fix!! but once you are done with this implementation you can run both version at the same time on different machine with same session information.