I've written a system based on the HybridAuth library available here: http://hybridauth.sourceforge.net/
The user can login using Facebook, Twitter, and the sites local login system.
However I'm wondering what should happen when the PHP session expires (24 minutes currently - default setting). Previously with single sign on systems I've just redirected the user there and should they have checked remember me it automatically re-establishes there connection.
Now though I have three methods in which a user can login.
These are the options I've come up with so far:
- Try connecting with each of the available authentication methods until a connection is found
- Store a cookie client side with information of which authentication provider the user last used and only try that one
- Force the user to choose how to login again (not ideal)
If anyone has any suggestions please share.
