Saturday, September 30, 2006

Transparent Single-Sign-On (SSO)

Today, I went back to finalizing SSO across my own web app, s9y, and Phorum. This requires a database-backed session tied to a cookie for my app, a rather verbose cookie for Phorum (whose key gets stored in the user's record), and a PHP session for s9y:

  • sessions.session = md5((string ? string : rand()) . salt)
  • Phorum: phorum_users.cookie_sessid_lt = user_id . ':' . sessions.session
  • s9y: $_SESSION = array('serendipityAuthedUser' => 1, 'HTTP_REFERER' => 'http://(webroot)/', 'serendipityUser' => username, 'serendipityPassword' => md5(clearpassword), 'serendipityEmail' => 'user@email.com', 'serendipityAuthorid' => 1, 'serendipityUserlevel' => 255, 'serendipityRightPublish' => 1)
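
The following is an added example, not code from the post or from the s9y or Phorum projects, that wires one login into the three stores listed above. It assumes PHP 7.3 or later with PDO, a `sessions` table with columns `session`, `user_id` and `created` (only `sessions.session` appears in the post), a `$user` array with the keys shown in the comments, and that the caller passes in the Phorum cookie name, which the post does not give. It keeps the post's `md5(... . salt)` token shape but draws the random part from `random_bytes()` rather than `rand()`, and sets the cookies with HttpOnly and Secure flags.

```php
<?php
// Added example (not the post's own code). Assumptions: PHP >= 7.3 with PDO,
// sessions(session, user_id, created), phorum_users(user_id, cookie_sessid_lt),
// and a $user array with keys user_id, username, clearpassword, email,
// s9y_authorid, s9y_userlevel.
declare(strict_types=1);

// The post's md5((string ? string : rand()) . salt). random_bytes() stands in
// for rand() so the token is unguessable; md5() keeps the 32-hex-char shape
// the existing sessions.session column holds.
function make_session_token(string $salt, ?string $string = null): string
{
    $seed = $string ?? bin2hex(random_bytes(16));
    return md5($seed . $salt);
}

// Phorum's long-term cookie value: user_id ':' sessions.session
function phorum_cookie_value(int $userId, string $session): string
{
    return $userId . ':' . $session;
}

// The $_SESSION contents s9y checks for an authenticated user (from the post).
// $webroot is assumed to carry its scheme, e.g. "http://blog.example".
function s9y_session_payload(array $user, string $webroot): array
{
    return [
        'serendipityAuthedUser'   => 1,
        'HTTP_REFERER'            => $webroot . '/',
        'serendipityUser'         => $user['username'],
        'serendipityPassword'     => md5($user['clearpassword']), // as the post shows
        'serendipityEmail'        => $user['email'],
        'serendipityAuthorid'     => (int) $user['s9y_authorid'],
        'serendipityUserlevel'    => (int) $user['s9y_userlevel'],
        'serendipityRightPublish' => 1,
    ];
}

// Create all three sessions for one login and hand the browser its cookies.
// Returns the shared token so the caller can log or audit it.
function create_sso_session(PDO $db, array $user, string $salt, string $webroot,
                            string $phorumCookieName, bool $https = true): string
{
    $session = make_session_token($salt);
    $userId  = (int) $user['user_id'];

    // Both database writes succeed or neither does; a half-written state would
    // log the user into one app but not the other.
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO sessions (session, user_id, created) VALUES (?, ?, NOW())')
           ->execute([$session, $userId]);
        $db->prepare('UPDATE phorum_users SET cookie_sessid_lt = ? WHERE user_id = ?')
           ->execute([phorum_cookie_value($userId, $session), $userId]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }

    // HttpOnly keeps the token away from page scripts, Secure keeps it off
    // plain HTTP, SameSite=Lax limits cross-site sends.
    $flags = ['path' => '/', 'secure' => $https, 'httponly' => true, 'samesite' => 'Lax'];
    setcookie('app_session', $session, $flags);                                   // my app
    setcookie($phorumCookieName, phorum_cookie_value($userId, $session), $flags); // Phorum

    // s9y reads the PHP session. Regenerate the id first so a session id that
    // existed before login is not promoted to an authenticated one.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    foreach (s9y_session_payload($user, $webroot) as $key => $value) {
        $_SESSION[$key] = $value;
    }
    return $session;
}

// Resolve my app's cookie back to a user_id, or null if it is not a live session.
function lookup_sso_session(PDO $db, string $cookieValue): ?int
{
    if (!preg_match('/^[0-9a-f]{32}$/', $cookieValue)) {
        return null; // not a token this code could have issued
    }
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE session = ?');
    $stmt->execute([$cookieValue]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['user_id'] : null;
}
```

Logging out is the mirror image: delete the `sessions` row, clear `cookie_sessid_lt`, expire both cookies and call `session_destroy()`, again inside one transaction so no app is left believing the user is still signed in.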

Each web app also has its own way of storing the users' account information, though luckily they all sit in the same database and can all be created at the same time. At some point in the hopefully not-too-distant future, I'd like to contribute to each project to make user storage more flexible, along the lines of how exim4-mysql, postfix-mysql, and pure-ftpd-mysql (and many others) work. Each of those uses configuration files to define the queries for retrieving a user's information, authenticating, and anything else. That way you can store users in one table and keep the information centralized.
