How secure is this authentication model?

I have a user account that shows all the subscriptions and memberships of clients that my company has. This is at https://secure.example1.com/membercenter/.

I have another site that is an actual member site. This is at http://www.example2.com/ (each site is on a different domain, although it is the same dedicated server).

I want to provide a simple login to the membership site, not including the username and password of the user in the link.

So I came up with the following:

When a user clicks on the "Login" link for their membership, I create an MD5 hash of their user ID + Unix timestamp and add it to the database table along with my user ID and timestamp.

Then I redirect to http://www.example2.com/login?hash=(the hash).

The script input on example2 accepts the hash and looks it up in the same table. If a hash is present, I retrieve their username and password from the client database using the user ID stored in the hash, and pass it to the pre-existing login function, and they enter the system.

When this hash login script is run, it first deletes any lines older than 5 minutes and then checks the passed hash value. If it finds a hash, it registers the user, and then removes the hash that was used from the table. This means that there will never be hashes in the table older than 5 minutes. The only time there would (should) be any hashes remaining in the table is if the user somehow does not make it from secure.example1.com to www.example2.com after clicking the link (let's say the Internet goes down at just the right second, DNS issues resolving example2.com, etc.). A 5 minute expiration means they can sit there and reload the redirected URL until they log in or until 5 minutes have passed.

When a user is redirected, they see a hash value.

secure.example2.com .

: - ? ? ?

, !

EDIT: www.example2.com , /.

EDIT2: tobyhede re: . script www.example2.com, . , .

EDIT3: Re: Attacker : ( ). ? , , , .

+3
4

, , - URL- , . SSL HTTP POST.

+3

, , :

  • unix
  • ,
  • ,

. , - , :)

+2

, , ( ) , . - . example2.

HTTP HTTPS example2, . , , example2, . URL-, (, cookie ). , . IP-, IP-.

0

, , , , ? . , , , , ?

, -, . , , . , ( ) - .

I assume you know about the attacks against MD5 and SHA-1 hashes? With MD5 there is actually a chance of hash collisions ( http://merlot.usc.edu/csac-s06/papers/Wang05a.pdf ), whereas SHA-1 is assumed to still be protected, but there are also rainbow table attacks against both hashes.

Creating a hash of a salt, the user ID, and the timestamp may be helpful for your solution. I also suggest removing the hash after use.

0
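The hand-off described in the question (a value stored with the user ID and a timestamp, purged after 5 minutes, deleted on use), as an added example that is not code from the question or any of the answers. It swaps the MD5 of user ID + timestamp for a random token so the value in the URL cannot be recomputed from the user ID and the time, and stores only a SHA-256 digest of it; the table name `login_tokens`, the function names and the in-memory SQLite database are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 5 * 60  # the 5-minute window from the question


def open_db():
    # Assumed schema: one row per outstanding login link.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE login_tokens ("
        "token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, "
        "created INTEGER NOT NULL)"
    )
    return db


def _digest(token):
    # Only the digest is stored, so reading the table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(db, user_id, now=None):
    """example1 side: returns the value to place in ?hash=..."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    with db:
        db.execute("INSERT INTO login_tokens VALUES (?, ?, ?)",
                   (_digest(token), user_id, now))
    return token


def redeem_token(db, token, now=None):
    """example2 side: returns the user ID exactly once, otherwise None."""
    now = int(time.time()) if now is None else now
    with db:  # purge, lookup and delete happen in one transaction
        db.execute("DELETE FROM login_tokens WHERE created < ?",
                   (now - TTL_SECONDS,))
        row = db.execute("SELECT user_id FROM login_tokens WHERE token_hash = ?",
                         (_digest(token),)).fetchone()
        if row is None:
            return None
        cur = db.execute("DELETE FROM login_tokens WHERE token_hash = ?",
                         (_digest(token),))
        # rowcount guards against a concurrent request consuming the same row
        return row[0] if cur.rowcount == 1 else None
```
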

Source: https://habr.com/ru/post/1698620/