I have an old login system in PHP.
But on new sub domain we made an application with angular and I want to share login with each other, I want user to login on our subdomain and then will be redirected to my angular application.
So I need to share variables like username ,id ,full_name etc.. between both apps.
Basically I don't want to use GET request and I'm looking for something secure like may be post request or session variables or localstorage, Please guide us how we can achieve that?
Please help.. Any suggestions will be helpful
Related
Does anyone know of a way to have redirect variables persist while a user is logging in via Facebook or Google. This has puzzled me for a while now.
For example if I want to redirect the user back to a specific article (page) on the website I need the URI information to persist during the login.
The problem is that the login process takes the user to the provider (in my case Facebook or Google) and then back to the website. During which time the redirect information is lost.
Does anyone know of a way to do this?
All help is appreciated.
Thanks,
cs1h
I have a question. How to check user authentication in MVC app, which is loaded in iFrame ? The main app, wchich presentig iframe was written in PHP. Users are logged in PHP app.
What can I do, to check is the user was authenticated, and check about his name, id or something what I'll map in my app.
I'm an author of MVC app, but not a PHP app. Of course I have a contact with the PHP teamt, so I can ask them to set something (object, marker, variable) when tehy call my MVC.
Thanks for your help
You can have a common cookie between both the application or use a cookie created by php to know the user details and create one for your own asp.net mvc app. I have few similar link which may help
Stackoverflow ASPNET-PHP
I'm fairly new to facebook development, but have experience with PHP and JavaScript.
I've been reading through the SDK documentation and various articles regarding facebook integration but have found that a couple of fundamental questions are still open in my head!
I am trying to achieve the following:
Create a website that uses facebook only for registration and login
Use PHP to store facebook user id of registered users in a database on my app server, along with some limited app specific info for those users. All 'generic' info (email address, etc.) should be retreived from facebook.
when a user logs in, get a combination of database records for that user, and facebook stuff.
What I've achieved so far:
I have used the registration plugin to display a register button to unregistered users, and a login button for users who are logged out when they land on the page. I hide the login button using javascript and jquery if the user is already logged in.
I also have a page which receives a registered user and interprets the signed_request, adding the user's id to the users table in my database.
Where my confusion arises:
I want to use the Javascript SDK for user authentication (as it's really easy) - this is obviously done asynchronously on the client side.
Having said that, once a user has logged in using the JS SDK, I need to get some data from my database. I am happy to do this via an AJAX request, BUT that would require passing the facebook user id as part of that request. Surely this could be easily spoofed/changed by a savvy user & they could hence login to my application as someone else?
Question:
How do I securely pass information about a user who has logged in using the JS API to my server?
If the answer is "you can't" then why bother authenticating with the JS API? Is that just for apps that are really light touch?
Thanks in advance for any help!
The simple answer is, you use cookies. This Facebook blog post has a clear example of how to implement a client-side login and expose that data to the server.
Take a look at signed requests: https://developers.facebook.com/docs/authentication/signed_request/
It gives you a nice little primer on how signed requests work and how you can/should use them. If I understand your question correctly, this should answer your question as to why/how you can provide an extra layer of security. Send a signed request that only your application with its own app_secret can decode.
I'm building a custom .net web app with a wordpress frontpage and CMS.
I'm using session variables to check if the user is logged in to the web app.
What I'd like to be able to do is display on wordpress whether or not the user is logged in to the webapp.
Is this possible and if so does anybody know how I would go about doing it?
Thanks,
Andrew
Use a cookie and a database. The cookie contains some unique ID for that session, which you store in the database. Nothing specific to asp.net or php about cookies. Either app can obtain the key from the cookie, and look up the session info in the database.
i am wanting to create an open id login, i am wondering if i use one of the classes from Creating an OpenID Login widget, like openid selector library or openid real selector. btw, is realselector newer/better, since its a rewrite of openid selector library
is there a getting started tutorial? i see that in both i can easily login using open id. but how will my application handle the login? like i guess my app needs to handle the postback from google or something? eg. in stackoverflow, i will go and create my profile? how will i check also that the user has logged in and which user. eg. in PHP, i may store a session variable $_SESSION["userid"] and check for it.
in Staying logged in between pages it tells me to check for cookie, but what cookie isit? what if i want to check in PHP/ASP.NET?
Zend made a rather good article about this subject on their site.
http://devzone.zend.com/article/3581
There they explain how it works and shows a lot of example code. I have not been working with
the classes you are mentioning, but the zend-article might give you some clues of how to solve some of your questions :)