Suggestions needed on how to implement login across multiple domains

         

darkage

9:52 am on Aug 31, 2006 (gmt 0)

I've got 26+ domains (not subdomains) that I'd like to let members log in to via a single login page.

Currently I've added a "remember me" feature that works via a cookie. But that only remembers the user on that domain and not on the other.

I cannot set a cookie for another domain, so the only way to implement this via cookies will be to redirect the client 26+ times to my other domains to set their cookies. Not a usable solution...

So if I had to implement this via a server-side database, how would I do so? I can't identify the user via his/her IP as it might be shared among other users. Is there some way I can add a flag in my database for a unique user saying "he/she is now logged onto all 26+ domains"?

In short: How do I identify a unique machine?

Thanks in advance.

vincevincevince

10:02 am on Aug 31, 2006 (gmt 0)

You could use an IP address, but be aware that is not reliable.

Slightly more reliable would be to use the IP address and the browser identification.

I debated over whether to let you know this or not as it's a big money method many of the major players are only just catching on to:

On the central 'remembering' domain you place a .js file served by PHP (use .htaccess to have PHP parse .js files)


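<?php
// The response is JavaScript, so declare the content type explicitly.
header('Content-Type: application/javascript');
if (!empty($_COOKIE['member']))
{
    // Take the token from the CSPRNG; md5(rand()) is guessable.
    $uniquetoken = bin2hex(random_bytes(16));
    //INSERT $uniquetoken INTO DATABASE WITH TIME NOW AND MEMBER NAME
    // json_encode() emits quoted, escaped JavaScript string literals,
    // so the cookie value cannot break out of the string.
    $member = json_encode($_COOKIE['member']);
    $token = json_encode($uniquetoken);
    print
    "
    document.loginform.membername.value=$member;
    document.loginform.uniquetoken.value=$token;
    document.loginform.submit();
    ";
}
?>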

On all the other domains the login box should be in an IFRAME. Insert

<script src="pathtoMaindomain.com/yourphp.js"></script>
into the IFRAME along with the normal login box. The form in the login box should relate to the javascript in yourphp.js, with a hidden field 'uniquetoken'.

In the form submission code, apart from the normal 'does the username and password match?' check - if there is a $uniqueid sent with the form submission then do 'does the $uniqueid match a <10 second old ID for that member?' check. In either case, log in and use javascript to reload the main page.

That's the basics of the method, but you will find it very clean and very extendable. The inclusion of the <script> line into the login-form file only needs to be if you don't already know the user is logged in.

The final part is logging out. You didn't mention that. In short you need to be destroying sessions in some way or another by sending a 'kill session' entry to the databases of all the domains when you log out from any one of them.

darkage

2:00 pm on Aug 31, 2006 (gmt 0)

Hi Vince,

Thanks for your answer, but I can't see how that will solve my problem (maybe I didn't understand your answer correctly or maybe I should have explained my problem more clearly).

Let's take my scenario:

My domains:
www.domaina.com
www.domainb.com
www.domainc.com
.
.
www.domainz.com

All of these domains are running against 1 machine running 1 PHP application using 1 mysql DB: There is no master/slave domain. Each and any one of those can be accessed to log in with.

Now let's say user "tom" goes to www.domaina.com/login.php and enters logon credentials and checks "remember me on all domains".

The logon is performed and a cookie is set for www.domaina.com and a unique id is generated and this id is put into the database.

Now tom finished his work on www.domaina.com and then goes to www.domainb.com/whateverpage.php. Now how am I supposed to know that this is tom and make sure he is automatically logged in?

Obviously the unique id must be on the client side, which is not possible, therefore I'm back to square one: To implement this I need a method of uniquely identifying a client machine so that I can control all the "remember me on all domains" logic on the server side. And even with IP + browser agent info it is quite unreliable...

thanks.

vincevincevince

2:54 pm on Aug 31, 2006 (gmt 0)

"Now how am I supposed to know that this is tom and make sure he is automatically logged in?"

Use javascript on domainb which loads something from domaina. The script from domaina will be sending some kind of verification code based on the domaina cookie. The javascript (running on domaina) sends that verification code back through domaina to you. You check the verification code, it matches, so you know to log Tom in.

1) Tom logs into domaina, has a cookie from domaina to remember him by.

2) Tom visits domainb, pulls a javascript automatically from domaina

3) As the javascript is served from domaina, domaina knows about the domaina cookie and in the javascript delivers some verification token

4) The javascript (remember it is running at domainb, although it is generated at domaina) submits a form or similar back to domainb saying 'hi, this is tom, his token is $sometoken'.

5) domainb has now been provided the token, a check can be made to the shared database 'yes, that token was given out 5 seconds ago to Tom'

6) Now Tom is verified at domainb you issue him the domainb cookie as normal and he will stay logged in there under your standard logins for domainb.
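
The token hand-off in steps 3 to 5, written out as an added example (not code from the thread or from either poster). An in-memory SQLite database stands in for the shared MySQL database, and the table and function names are assumptions. Making the token single-use and binding it to the receiving domain are hardening added here: the script on domaina can be requested from any page the browser visits, so a token should only be redeemable once, quickly, and on the domain it was issued for.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL = 10; // seconds; the thread's "<10 second old ID" check

// Stand-in for the shared database (assumed schema, not from the thread).
function makeStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_token (
        token_hash TEXT PRIMARY KEY, member TEXT NOT NULL, audience TEXT NOT NULL,
        issued INTEGER NOT NULL, used INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Runs on the domain that holds the cookie (domaina in the thread).
function issueToken(PDO $db, string $member, string $audience, int $now): string {
    $token = bin2hex(random_bytes(32)); // CSPRNG output
    // Only a hash is stored, so a database read does not yield usable tokens.
    $db->prepare('INSERT INTO login_token (token_hash, member, audience, issued)
                  VALUES (?, ?, ?, ?)')
       ->execute([hash('sha256', $token), $member, $audience, $now]);
    return $token;
}

// Runs on the receiving domain (domainb). Returns the member name or null.
function redeemToken(PDO $db, string $token, string $audience, int $now): ?string {
    $hash = hash('sha256', $token);
    // One atomic UPDATE checks age, domain and unused state and marks the
    // token used, so a replayed token matches no row.
    $upd = $db->prepare('UPDATE login_token SET used = 1
        WHERE token_hash = ? AND audience = ? AND used = 0 AND issued > ?');
    $upd->execute([$hash, $audience, $now - TOKEN_TTL]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    // The member comes from the database row, never from the submitted form.
    $sel = $db->prepare('SELECT member FROM login_token WHERE token_hash = ?');
    $sel->execute([$hash]);
    return $sel->fetchColumn();
}

// Constructed walk-through using the thread's example domains.
$db  = makeStore();
$t0  = time();
$tok = issueToken($db, 'tom', 'www.domainb.com', $t0);
var_dump(redeemToken($db, $tok, 'www.domainc.com', $t0 + 1)); // presented on another domain
var_dump(redeemToken($db, $tok, 'www.domainb.com', $t0 + 5)); // first use, within the window
var_dump(redeemToken($db, $tok, 'www.domainb.com', $t0 + 6)); // same token replayed
$old = issueToken($db, 'tom', 'www.domainb.com', $t0);
var_dump(redeemToken($db, $old, 'www.domainb.com', $t0 + 11)); // older than TOKEN_TTL
```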