What is the best way to enable different apps in different sub-domains to use one authentication system in such a way that:
1) Registration happens just once in one of the apps and the rest would use it?
2) Sign in happens just once and the user would be automatically logged in when he/she visits any of the other apps?
3) The secured part of any of the apps would still be available after a browser that was closed without logging out is reopened?
j
stuff ;)
Nicholas Wiersma
Software developer, general human being.
I think what you are looking for is an OAuth 2 server. PHP League OAuth 2 is a really nice one. The server application acts as your central login. All other apps will refer to that server for authentication, authorisation (scopes) and so forth.
You should probably do some reading about the flows and security of OAuth 2 before you embark upon this route, but it sounds like it will fit the bill.
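As an added example (not part of the answer above, and not code from PHP League OAuth 2), this is how one app on a sub-domain could hand login to the central OAuth 2 server using the authorization code flow with PKCE, then validate the callback before exchanging the code. The hostnames, client id, function names and the session array are assumptions for illustration; the returned fields would be POSTed to the server's token endpoint.

```php
<?php
declare(strict_types=1);

// URL-safe base64 without padding, as used for PKCE values.
function base64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Step 1: the app sends the browser to the central login (hypothetical helper).
function beginLogin(array &$session, string $authorizeUrl, string $clientId,
                    string $redirectUri, array $scopes): string
{
    $session['oauth_state']    = base64url(random_bytes(32)); // binds callback to this session
    $session['oauth_verifier'] = base64url(random_bytes(32)); // PKCE secret, 43 characters
    $challenge = base64url(hash('sha256', $session['oauth_verifier'], true));

    return $authorizeUrl . '?' . http_build_query([
        'response_type'         => 'code',
        'client_id'             => $clientId,
        'redirect_uri'          => $redirectUri,
        'scope'                 => implode(' ', $scopes),
        'state'                 => $session['oauth_state'],
        'code_challenge'        => $challenge,
        'code_challenge_method' => 'S256',
    ], '', '&', PHP_QUERY_RFC3986);
}

// Step 2: the callback handler. Returns the form fields for the token request.
function finishLogin(array &$session, array $query, string $clientId, string $redirectUri): array
{
    $expected = $session['oauth_state'] ?? '';
    $verifier = $session['oauth_verifier'] ?? '';
    unset($session['oauth_state'], $session['oauth_verifier']); // single use

    $state = $query['state'] ?? null;
    if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)) {
        throw new RuntimeException('state mismatch: callback is not bound to this session');
    }
    if (isset($query['error']) || !is_string($query['code'] ?? null)) {
        throw new RuntimeException('authorization was not granted');
    }
    return ['grant_type' => 'authorization_code', 'code' => $query['code'],
            'redirect_uri' => $redirectUri, 'client_id' => $clientId, 'code_verifier' => $verifier];
}

// Constructed demo values; a real app would use $_SESSION and $_GET.
$session = [];
$cb = 'https://app1.example.com/callback';
echo beginLogin($session, 'https://auth.example.com/authorize', 'app1', $cb, ['profile']), PHP_EOL;
$query = ['code' => 'constructed-code', 'state' => $session['oauth_state']];
echo json_encode(finishLogin($session, $query, 'app1', $cb)), PHP_EOL;
```

Because every app redirects to the same server, a user who already has a session there is sent straight back with a code, which is what gives the single sign-in across sub-domains.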