I have separate servers for my projects, and I would like to ask for stuff across all of them. I found that I had to use either PHP: file_get_contents or cURL, but then here is my question. Is there a way for my servers to verify which server can ask them execute stuff?
For example I use this script:
function is_ajax() {
// BOOLEAN return if AJAX
return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
}
to check wether or not the request is AJAX based.
I will probably have access to each servers IP address, if there is a way to use those.
I can tell that one of the things I want to execute is starting a session on SERVER B, after SERVER A has verified some informations. So to prevent other servers and scripts to execute without permission I want a way for my SERVER B to verify that it actually is SERVER A who's asking.
EDIT:
I am creating a session on SERVER A using a session class that saves the data encrypted in an SQL database.
Also by using session cookie parameters
session_set_cookie_params(
$cookieParams['lifetime'],
$cookieParams['path'],
$cookieParams['domain'],
$secure,
$httponly
);
And even though the servers are different, they share same domain name but are separated in sub domains across the servers, so maybe a way would be to let SERVER B see the session at SERVER A and then create a similar session?
I settle with the ?SOMEPASSWORDVARIABLE=LONGSPASSWORDWITHRANDOMCHARS as @complex857 suggested.
as file_get_contents is run server side, it's not very easy to guess the file name file the variable and the password, if the actual request could be monitored by monitoring your traffic from your server but the likelihood is very small