I own 2 websites A and B. This means I can put any code on each of the websites and run it there. However, I can't access the database of the other website from one of the sites.
Recently, I needed a way to make a link on website A to website B but I needed the user to be automatically authenticated on website B when he clicks on the link if he was authenticated on website A.
So what I have done is the following :
This works well. However, I feel like this is not really the way to go as it is not really secure. For now, those are toy websites so I don't really care.
Is there a better way to perform cross-site authentication ?
You may want to look into Single Sign On (SSO) solutions. You can have your users log in via a social identity provider like Facebook or Google, or you can have your website issue the tokens itself.
I'm not a PHP developer, so I can't help you with libraries or frameworks.
You can achieve this with the single sign on, following are the links that may be helpful for you.
http://rashidi.zin.my/geek-talks/2009/06/30/php-mysql-curl-single-sign-on-with-multiple-domains.html
http://www.opengroup.org/security/sso/sso_intro.htm
http://www.authenticationworld.com/Single-Sign-On-Authentication/
http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/
https://wiki.queensu.ca/display/itsd/Single+Sign-On
https://github.com/jasny/sso#readme
https://lw.microstrategy.com/msdz/MSDL/940/docs/mergedProjects/websdk/topics/sso/SSO_Single_Sign-on.htm