I have two laravel projects in te same server (mydomain.com and sub.mydomain.com) with different database but the user ID's are the same.
I want the session to be the same on both platforms, How I do this? It is posible?
According This answser, you have first to set the cookie domain to ".example.com" to enable sharing accross subdomains.
To answer in a more laravel specific way, you have to change the 'domain' value in the config/session.php file. Beware of implications when in local environment.
Also some things are to be taken into consideration. If the two domains are differents laravel APP, please ensure that they are sharing the SAME APP KEY so that cookies are valid on both apps and that they share the same session storage (same db table, or same folder path, adjust to whatever driver you use).
Beware that by sharing the APP KEY, compromising one app will enable the attacker to probably access the other one. (make sense as a real user that have access to one, will have access to the other). To be more secure, look into oauth providers that will enable the user to access apps with a single shared login system.
Related
I have two different projects in symfony2. I am using symfony2.3 version.
I have used fosuserbundle for user authentication.
I have one server. I have uploaded my both projects at
/var/www/html/project1
/var/www/html/project2
And i am accessing my two applications/projects like
http://202.12.0.0/project1 and
http://202.12.0.0//project2.
(IP here is given only for example. It's not my IP which i am using).
My problem is when I login in http://202.12.0.0/project1 it store session for taking http://202.12.0.0 as domain.
So when I login in http://202.12.0.0/project2, It logout from http://202.12.0.0/project1. I need to login again.
And V/S same for project2.
I have no other option for that. I mean i have no option for virtual host for this two different project. I have LAN, and every one using this project/my-application using IPaddress/project.
I Referred Session in different applications Symfony2 But it doesn't help me.
You probably should configure both projects to use different place where session files are stored.
In Symfony2 you can do that with save_path param in framework configuration
More info: http://symfony.com/doc/current/cookbook/session/sessions_directory.html
Also it can be done strictly in PHP with session_save_path function.
Edit.
Also changing just session name could work too. You can do that either by framework configuration or by session_name PHP function.
I have a Laravel 4.2 application deployed on a server on our intranet called "Dashboard". It can be accessed via the URL http://dashboard.mydomain.local/ and uses the "native" driver for session storage.
I am in the process of reconfiguring the application to run in Docker containers. The new site can be accessed via http://dbdock.mydomain.local/ and is running on a different server. The new site uses "redis" for sesson storage.
Here's the problem:
If I'm signed in to one site and then sign into the other, then I get signed out of the other.
Here's what I've tried:
I updated the application URL in the config/app.php file.
I changed the the encryption key.
I changed the session cookie name in config/session.php
It seems to me that the sessions should be kept strictly separated in this case because a) the session store is different (filesystem vs. redis); b) the session store is on different servers; c) the URLs for the two sites are different; and d) the session cookie names are different.
I can't understand how these two sites are conflicting with each other. Can anyone explain to me what's going on in this case?
Edit I should mention that these two applications are using the same database server for the user database. This is for the purposes of transitioning away from the original server (which is going to be retired in the near future).
I know this is a bit old but I had the same problem with two Laravel projects and when I changed the session cookie name in config/session.php for one of them, the problem solved.
I think you should delete your browser cookies.
Here's the thing:
I have Website A in Server 1, a CakePHP 2 based website without any kind of login system.
I also have Website B in Server 2, another CakePHP website which has its login system (uses CakePHP's Auth for more details if it matters), with a login form in first page where users can enter login/password to access it.
So now what I need to do is to add a login form in website A that logs users into website B (as if they had used the form in website B).
Is that possible? If so, what approach should I take to do that securely? (By that I mean without plainly exposing the users credentials).
I assume you're doing this so that you can go between multiple sites, but only login once? I've come up with a way to do this, provided that the sites share domains, but are hosted on different subdomains by getting them to share session. The reason this only works on websites that share domains is because two completely unrelated websites cannot share cookies, which is necessary to get them to share session.
Note that since your goal is to make the two servers completely share their sessions, you will encounter some problems, like for example, flashmessages for one site will appear on both. I ended up extending the Session component so that it would automatically append to all session variables with a prefix to specify which server the session variable belongs to.
Here's an outline of the steps:
The login server will need to be able to host shared sessions, probably via memcache's session save handler, which you will need to install on both your servers. See more here: http://www.dotdeb.org/2008/08/25/storing-your-php-sessions-using-memcached/
The login server's site will need all the regular stuff for a login system, but you also need to set the server up so that it will use the shared memcache session instead of the normal way of saving session. Example once you have memcache installed, add to its php.ini file:
session.save_handler = memcache
session.save_path = "tcp://[login server ip]:11211"
The other server's site will also need to use the shared memcache session stored on the login server, so config its php.ini the same way you did for your login server. Then, set up the Auth component on this site so that it will require logins, but for actually logging in, redirect them back to your login server.
On both servers, in bootstrap.php, add the line ini_set('session.cookie_domain', '.' . ROOT_DOMAIN); Where root domain is the root domain both of them have. So if you were using test.com and subdomain.test.com, ROOT_DOMAIN would be "test". This way, the websites will also share their session cookies.
Make absolutely sure both servers are set to the same time. If their times don't match, you'll likely randomly lose your session because one of the servers will think the session is much older than the other server, and so it will delete it because it thinks the session is too old.
I have a webserver with a drupal 7 installed on.
Many primary domains are pointing to this webserver (es domain1.com, domain2.com) and each domain is see the same website.
But if i log in into one (domain1.com) when i visit the domain2.com i'm not logged in.
I know that is a domain cookie problem, but there is a way to generate the cookie for a list of domain when i register/log in?
Hope that someone can help me
Here my module developed for getting a SSO system working with Drupal and Domain Acces.
https://github.com/andreacavattoni/DomainSSO
This is the very good question and have done small research on your question on different ways:
OAuth:
After reading the documentation and gone through many service providers it is not possible. Oauth service provider gives the consumer key and secret and they check the request coming from the domain and thus if the same oAuth consumer key is used on different domain Names that doesn't work.
Setting Cookie Multiple domains
Simply, it is not possible to set the cookie without visiting the domain by any means
Thus, I can say that it is not possible to set cookie or use the same consumer key and secret for multiple domains
Alternative ways
Use HTML5 Web Storage for storing the information and then accessing
the information from different domains is possible.
Use AJAX/CURL for sending the request for setting the cookie for different domains such as example.com/session_cookie.php?info=xxxxx
Maintain a single sub-domain/page for all the domain for login purpose for across all the domains.
I think you may want to look at Bakery
Could be of interest: Stack Exchange Blog: Global Network Auto-Login (using HTML5's local storage)
On a Linux-hosted sever, I have the same web app installed on two user's accounts (http://host.com/~linux_user)
As you might guess, I have problems because sessions are shared between user accounts.
From now on, I'll store them as a session array ($_SESSION['linux_user']['my_data']).
Is this a good approach?
You can also get rid of the problem with using a custom session handler, which handles session storage as you want it to : database, memcache...
More info here : http://php.net/manual/en/function.session-set-save-handler.php
"From now on, I'll store as session array $_SESSION['linux_user']['my_data']. Is this a good approach?"
No, as those session variables will only be available in one user account. What you need is a single-sign-on technology, like if you want to stay logged in over multiple domains. For example you may use OpenID.
Or you store the PHP-session at an explicit location (within the filesystem or in a database).
But why/how do you have the PHP-app installed into two different user accounts? If I set up an Apache web-server, it runs as a separate user…