To make this work, the following condition has to be satisfied.

1. Your external Non –Drupal PHP website should also be in the same domain or subdomain as your Drupal website. For Example if your Drupal website is hosted at then the Non Drupal website which want to use drupal login to act as a single sign on option should be hosted at some address like or

2. You should have access to the Database where your Drupal site is pointing to. At least you should have access to User and Sessions Table of Drupal’s DB.

If you satisfy the above two conditions you should be good to go.

   1:  if(isset($_COOKIE[SESS67bbc1042a258ec17b55d8d15be4f563]) &&
   2:   isset($_COOKIE['DRUPAL_UID']))
   3:  {
   5:      $sessionsql="select sid from sessions where sid='"
   6:  .mysql_real_escape_string($_COOKIE['SESS67bbc1042a258ec17b55d8d15be4f563']) ."'
   7:   and uid='".mysql_real_escape_string($_COOKIE['DRUPAL_UID'])."'";
   8:      $db_connect = mysql_connect($db_host, $db_username, $db_password);
   9:      mysql_select_db($db_name, $db_connect) || die(mysql_error());
  10:      $result                    = mysql_query($sessionsql) or die(mysql_error());
  11:      $found    = mysql_num_rows($result);
  12:      if ($found) 
  13:      {
  14:          //$sql="SELECT * FROM employment_v where uid=".$_COOKIE['DRUPAL_UID'];
  15:          //Logic to use drupal’s user registration info in your site may go here.
  16:      }
  17:  }

 In the above code snippet, you can see an extremely long cookie name ($_COOKIE[SESS67bbc1042a258ec17b55d8d15be4f563]). This is the name of the cookie where the drupal’s session would be stored. Each drupal site has a unique session name associate with it. The value of the session id can be got from this. In my case SESS67bbc1042a258ec17b55d8d15be4f563 is the drupal’s session name for my site. If you want to find the drupal cookie session name of your website you can use tools like firecookie or inspect the cookie stored in your browser.

The logic of the code snippet is whenever a user has been logged in to druapl site, Drupal would store minimum two cookies in browser. One is session value which I have mentioned earlier and the other is drupal id (a unique id to identify the drupal user). And also it makes an entry in the session table with the session id and the drupal id. The entry is deleted when the user is logged out. Hence querying this table with the session id and the drupal user id would tell us whether the user is authenticated or not.
Have the above logic to authenticate the user in a separate PHP file and include the PHP file in the pages that can be viewed only by authenticated user.

I hope that this would have helped. If you feel that this can be done more efficiently, kindly let me know through your comments. Thanks.


  1. Great post i must say and thanks for the information. Education is definitely a sticky subject. However, is still among the leading topics of our time. I appreciate your post and look forward to more. SKYWESTONLINE

Post a Comment