Posted by Razi on 03/20/06 01:50

Hi all,

recently, I finished a Learning Management System "LMS" web application
for a local university in my town, I used PHP as a server side script,
and sessions for user authentication, anyway, my problem is: the
university already have a student information system "SIS" that have
been built using JSP and java servlets, and they want me to merge the
two projects so that there will be no need to any login page for the
new one, but there will be a link in the SIS in the main page for each
student and teacher "after he logged in" and this link must redirect
him to his account for the LMS application, and to make it worse, each
project runs on a different servers, and LMS server does not have any
access to the main database of the university.

The problem is: how can I implement a secure way to make sure that the
user has been redirected from SIS servers and after he logged in, and
not from anywhere else.

I have an Idea to get over this, I will create a table in the LMS
database and give the administrator of the SIS a write access to it, so
before he redirects any user to LMS, he must add a query in that table,
let's say user's ID.

Any ideas?

Thanks in Advance,
Razi

[Back to original message]