Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

janvierma's avatar

Authenticate through Curl ?

I have one app that is served on three separate domains (domainA.com , domainB.net and domainC.org ).

I created a fourth signin App on the subdomain of domainA.com (login.domainA.com ).

I am able to log in successfully on any of the 4 entry points.

WOULD LIKE :

  1. If I log in any of the 3 main domains (domainX.tld) to send a Curl post to login.domainA.com and log the user in the other 2.

  2. Once user logs out of any of the 3, I log them out of all the others.

So far, the curl post is sent, no errors, but empty response.

Method at the login.domainA.com

`accountsCurled(array $post = NULL){

  $defaults = array(
    CURLOPT_POST => 1,
    CURLOPT_HEADER => 0,
    CURLOPT_URL => '//login.domainA.com/XYZ',
    CURLOPT_FRESH_CONNECT => 1,
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_FORBID_REUSE => 1,
    CURLOPT_TIMEOUT => 4,
    CURLOPT_POSTFIELDS => http_build_query($post)
  );

  $ch = curl_init();
  curl_setopt_array($ch, $defaults);
  if( ! $result = curl_exec($ch))
  {
    trigger_error(curl_error($ch));
  }
  curl_close($ch);
  return $result;
}`

STACK : UBUNTU 18.04 , NGINX , PHP-fpm 7.2

Can somebody send me a simply POST curl example please? My code may be out of whack.

0 likes
4 replies
D9705996's avatar

I'm not sure if this is a viable option but you could use redis as your session driver and confgure all of you applications to use the same redis configuration.

You might need to configure Trusted Proxies as per

https://laravel.com/docs/5.7/requests#configuring-trusted-proxies

I have not tested this so not sure if it would even work but seems better than trying to manually use setup and tear-down the individual application sessions. FYI I wouldn't use curl but guzzle as its much easy to code and read.

There is a StackOverflow article that suggests this is possible but you might want to think about using JWT with Laravel passport instead,

janvierma's avatar

@d9705996 Thanks for the suggestions. I will look into all the option JWT looks interesting. Passport, not too sure yet, but I Will read the documentation first

Cronix's avatar

Hmm, haven't tried this, but just thinking out loud... seems you'd need to set up a cookie jar for curl and hit an endpoint to establish an initial unauthenticated session. Then try to login since you now have the session cookie along with the session id. You'd need the cookie first to get past csrf on the login call. Again...I haven't tried it... but you need to simulate what's going on in a real browser.

Please or to participate in this conversation.