I have separate servers for my projects, and I would like to ask for stuff across all of them. I found that I had to use either PHP: file_get_contents
or cURL
, but then here is my question. Is there a way for my servers to verify which server can ask them execute stuff?
For example I use this script:
function is_ajax() {
// BOOLEAN return if AJAX
return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
}
to check wether or not the request is AJAX based.
I will probably have access to each servers IP address, if there is a way to use those.
I can tell that one of the things I want to execute is starting a session on SERVER B
, after SERVER A
has verified some informations. So to prevent other servers and scripts to execute without permission I want a way for my SERVER B
to verify that it actually is SERVER A
who's asking.
EDIT:
I am creating a session on SERVER A
using a session class that saves the data encrypted in an SQL database.
Also by using session cookie parameters
session_set_cookie_params(
$cookieParams['lifetime'],
$cookieParams['path'],
$cookieParams['domain'],
$secure,
$httponly
);
And even though the servers are different, they share same domain name but are separated in sub domains across the servers, so maybe a way would be to let SERVER B
see the session at SERVER A
and then create a similar session?