
ovidiu_dtp

Single Sign On - a way to share a session between several applications?

I have a lot of different applications, and a lot of users. If a user has a role in an application, he will get access to that app, with those roles (he can have more than 1). Else, he will not. When a user logs in to any app, he is logged in to the system, and he can access any of its other apps with his credentials. When he logs out of one app, he is out from all the places at once. Same when he is not active for a specific amount of time. Each app is constructed in its own way, with or without a framework. This may not be that relevant, though.

How can I keep the session synchronized between all those applications?

I was thinking of creating a system with web services, where each access of a route will also call the SSO app and update its status, and the SSO app would call all open applications of that user and update the session status in each app. However, I have the feeling it may not be the smartest and safest way. What is your opinion about such a problem? Another way would be to use a shared database with sessions... But that would make each app aware of one extra database... Is this safer?

0 likes
2 replies
nolros

@ovidiu_dtp In a similar way to how Laravel creates a user auth token, you could create an application token, i.e. its own class instance. In that app instance you can store the user's current app context, groups, entitlements, roles, etc. for that application. As the user loads up different applications, you would reset / hydrate the application token with the new application context. I do this for security identifiers, applications, objects. The user then authenticates with Laravel, but is authorized access, privileges, etc. using its application token.

Hope that helps.

1 like
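Added example, not part of the thread and not Laravel's own API: a minimal sketch of the two ideas discussed above, a central session that every app checks (so logout or idle expiry takes effect everywhere at once) and a per-application token hydrated with that app's roles. The class names `SsoSessionStore` and `ApplicationToken`, the in-memory store (standing in for a shared database or cache), the `$grants` map and the timestamps are all hypothetical; PHP 8.1+ is assumed.

```php
<?php
declare(strict_types=1);
// Hypothetical central SSO session store (in memory here; a shared DB or cache in practice).
final class SsoSessionStore
{
    private array $sessions = []; // sid => ['user' => string, 'lastSeen' => int]
    public function __construct(private int $idleTimeout) {}
    public function login(string $user, int $now): string
    {
        $sid = bin2hex(random_bytes(32)); // unguessable session id
        $this->sessions[$sid] = ['user' => $user, 'lastSeen' => $now];
        return $sid;
    }
    // Returns the user of a live session and refreshes its idle timer, else null.
    public function touch(string $sid, int $now): ?string
    {
        $s = $this->sessions[$sid] ?? null;
        if ($s === null || $now - $s['lastSeen'] > $this->idleTimeout) {
            unset($this->sessions[$sid]); // expired: gone for every app at once
            return null;
        }
        $this->sessions[$sid]['lastSeen'] = $now;
        return $s['user'];
    }
    public function logout(string $sid): void { unset($this->sessions[$sid]); }
}
// Per-application token: rebuilt ("hydrated") each time the user enters an app.
final class ApplicationToken
{
    private function __construct(
        public readonly string $user,
        public readonly string $app,
        private array $roles,
    ) {}
    // $grants is constructed sample data shaped as user => app => list of roles.
    public static function hydrate(SsoSessionStore $sso, string $sid, string $app, array $grants, int $now): ?self
    {
        $user = $sso->touch($sid, $now); // authentication lives in the SSO session only
        $roles = $user === null ? [] : ($grants[$user][$app] ?? []);
        return $roles === [] ? null : new self($user, $app, $roles); // no role, no access
    }
    public function can(string $role): bool { return in_array($role, $this->roles, true); }
}
// Constructed scenario; $now is passed in explicitly so the run is deterministic.
$grants = ['alice' => ['billing' => ['viewer', 'approver'], 'wiki' => ['editor']]];
$sso = new SsoSessionStore(idleTimeout: 900);
$sid = $sso->login('alice', 1000);
var_dump(ApplicationToken::hydrate($sso, $sid, 'billing', $grants, 1100)?->can('approver')); // role held in billing
var_dump(ApplicationToken::hydrate($sso, $sid, 'crm', $grants, 1200)); // no role in crm
$sso->logout($sid); // logout issued from any one app
var_dump(ApplicationToken::hydrate($sso, $sid, 'wiki', $grants, 1300)); // session gone, so wiki refuses too
```

Because each app re-validates the session id against the central store on every request, no app holds login state of its own that could go stale after a logout elsewhere.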
