One problem with Drupal and Magento side by side is Single Sign On. When a user is logged in to one site (Drupal), and they visit another site (ie. Magento) in the group, they are logged in and gain immediate access to all other sites.
To resolve this problem, we can use Single Sign-On (SSO) is a feature which allows a user to be seamlessly signed in to one site after signing in to another. Within a site group, you can define a sub-group of sites, known as SSO Segments, which share an SSO experience. SSO manages a single session for a user for all the sites in the segment.We have basically two solutions for this.
Solution 1:
Magento is the owner of the session, authentication and consumer specific data (identity, shopping cart). Magento will set a session cookie on the whole domain, covering the Drupal pages as well. This way, once the customer is authenticated, any ajax requests made from Drupal pages to Magento will be seen as authenticated.
Solution 2:
We can use a centralized identity and access server like Gigya.
Both solution has pros and cons but they are good both. I think the first option can be the best choice for simple if we are familiar with Magento and cost to implement new extension like internal identity provider in Magento is small.
But solution 2 is also make sense for you, if you want to make a separation of concerns that put all identity and access logic outside (in Gigya).
In next part, we will see how we do the synchronized data and integrated redirect between two sites.
