View Full Version : I'm writing a login script
JoeBannon 06-27-2006, 06:29 PM My site has grown well over the last few years, I get about 250K people a day. Right now I'm using about 3 servers and made it so different parts of my site are hosted on each. Example: the bulletin board is on server 1 (the main server), photo albums on server 2, and profiles on server 3.
I want to make it so people can log in on the main server and then get access to others. What is the best logic to do this? I'm using PHP.
orbitz 06-27-2006, 06:52 PM hire a programmer.
JoeBannon 06-27-2006, 06:56 PM hire a programmer.
Why would I need to hire a programmer? What can they do that I can't?
orbitz 06-27-2006, 07:13 PM They can do what you can't. :)
You don't specify what you can't, then how would I know your ability?
JoeBannon 06-27-2006, 07:22 PM They can do what you can't. :) You don't specify what you can't, then how would I know your ability?
First, I said "I'm writing". Second, it's not what I asked.
If I ask for a hammer, are you going to give me the phone number of a handyman instead of telling me the nearest hardware store? Just because I didn't say I know how to use a hammer, don't assume that I can't.
orbitz 06-27-2006, 07:44 PM Obviously, if you can, you wouldn't come here for help. If you truly can, the best way is to tell us what you have done so far, and they give you your opinion.
I am not gonna waste my time on your thread. Sorry.
JoeBannon 06-27-2006, 07:50 PM Obviously, if you can, you wouldn't come here for help. If you truly can, the best way is to tell us what you have done so far, and they give you your opinion. I am not gonna waste my time on your thread. Sorry.
That is not what I asked. Read my post again. You're wasting your own time by not comprehending the question.
Kalyse 06-27-2006, 08:07 PM Well just use a mixture of Session control and User Cookies.
Obviously the Session variables won't be passed between the servers, but you can use Cookies to automatically 'know' if a user has access on one server and just duplicate the session on another.
That's what I would do.
JoeBannon 06-27-2006, 08:16 PM Well just use a mixture of Session control and User Cookies. Obviously the Session variables won't be passed between the servers, but you can use Cookies to automatically 'know' if a user has access on one server and just duplicate the session on another. That's what I would do.
I thought about that, but how would I keep it secure? I've seen Yahoo do it where you use the domain login.yahoo.com and then can access all the other parts of their site like mail. Looking at their cookies, I see they use all encryption for the values. Maybe use some encrypted data to be passed by cookie so I know who they are?
I'm looking for simple and secure.
Kalyse 06-27-2006, 09:48 PM Well you could make sure that the cookies are only valid on the computer they are created. So have some kind of encryption algorithm based around the user's computer settings.
That is always one good way.
Is this the kind of security you were talking about?
JoeBannon 06-27-2006, 10:24 PM Well you could make sure that the cookies are only valid on the computer they are created. So have some kind of encryption algorithm based around the user's computer settings.
That is always one good way.
Is this the kind of security you were talking about?
The kind that makes it impossible to be hacked -lol. I'm going to see what I can come up with and post it here.
2detailed 06-27-2006, 10:32 PM You could simply store your sessions / session data, in a database..... accessible by all servers in your cluster.
Kalyse 06-28-2006, 08:32 AM Or you could do both :)
nnormal 06-28-2006, 11:18 AM The kind that makes it impossible to be hacked -lol.
If you are storing sensitive data that requires that level of security you will also need SSL - http://www.verisign.com/ssl/ssl-information-center/
Even if you encrypt cookies and use server side sessions you are still vulnerable midstream via packet sniffers and the like. Even though you don't see the POST scope in the URL, it is very readable in the request header. If someone can get at that packet they have the user/pass and any session handling is not going to stop them.
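
An added example, not code from any poster in this thread: one way to build the cookie approach discussed above in PHP is a login cookie whose value is signed with HMAC-SHA256 (signing, not encryption), so each server can check it without shared session storage. The secret, cookie name, `.example.com` domain and function names are assumptions, and `setcookie()` with an options array needs PHP 7.3 or later.

```php
<?php
// Added illustration. Secret, cookie name and domain below are assumed placeholders.
const SSO_SECRET = 'replace-with-long-random-value-shared-by-all-servers';
const SSO_COOKIE = 'sso';            // hypothetical cookie name
const SSO_DOMAIN = '.example.com';   // hypothetical parent domain of all servers
const SSO_TTL    = 3600;             // token lifetime in seconds

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Login server: build "payload.signature" after the password check succeeds.
function sso_issue(int $userId, int $now): string {
    $payload = b64url(json_encode(['uid' => $userId, 'exp' => $now + SSO_TTL]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SSO_SECRET, true));
}

// Any server: return the user id, or null if the token is forged, altered or expired.
function sso_verify(string $token, int $now): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SSO_SECRET, true));
    if (!hash_equals($expected, $sig)) return null;   // constant-time comparison
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !is_int($data['uid'] ?? null) || !is_int($data['exp'] ?? null)) return null;
    return $data['exp'] >= $now ? $data['uid'] : null;
}

// Login server: send the token to the browser for every host under SSO_DOMAIN.
function sso_send_cookie(int $userId): void {
    setcookie(SSO_COOKIE, sso_issue($userId, time()), [
        'expires' => time() + SSO_TTL, 'path' => '/', 'domain' => SSO_DOMAIN,
        'secure' => true,     // sent over HTTPS only, so it cannot be sniffed in transit
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
}

// Constructed demonstration values; runs from the command line without a web server.
$now   = 1700000000;
$token = sso_issue(42, $now);
[$payload, $sig] = explode('.', $token);
$forged = b64url(json_encode(['uid' => 1, 'exp' => $now + SSO_TTL])) . '.' . $sig;
var_dump(sso_verify($token, $now + 10));           // untouched token
var_dump(sso_verify($forged, $now + 10));          // uid changed, old signature reused
var_dump(sso_verify($token, $now + SSO_TTL + 1));  // same token after its expiry
```

On the photo and profile servers, `sso_verify($_COOKIE[SSO_COOKIE] ?? '', time())` gives the user id to start a local session with; a signed token cannot be revoked before it expires, so keep the lifetime short or pair it with the shared session database suggested above.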