Same webserver, same drupal, same db, single sign on? - php

I have a webserver with Drupal 7 installed on it.
Many primary domains point to this webserver (e.g. domain1.com, domain2.com) and each domain shows the same website.
But if I log in to one (domain1.com), when I visit domain2.com I'm not logged in.
I know that it is a domain cookie problem, but is there a way to generate the cookie for a list of domains when I register/log in?
I hope that someone can help me.

Here is my module, developed to get an SSO system working with Drupal and Domain Access.
https://github.com/andreacavattoni/DomainSSO

This is a very good question, and I have done a little research on it, looking at different ways:
OAuth:
After reading the documentation and going through many service providers, it is not possible. The OAuth service provider gives the consumer key and secret, and they check the request coming from the domain; thus, if the same OAuth consumer key is used on different domain names, that doesn't work.
Setting a cookie for multiple domains:
Simply put, it is not possible to set the cookie without visiting the domain by any means.
Thus, I can say that it is not possible to set a cookie or use the same consumer key and secret for multiple domains.
Alternative ways:
Use HTML5 Web Storage for storing the information; then accessing the information from different domains is possible.
Use AJAX/CURL for sending the request for setting the cookie for different domains, such as example.com/session_cookie.php?info=xxxxx
Maintain a single sub-domain/page for login purposes across all the domains.

I think you may want to look at Bakery
Could be of interest: Stack Exchange Blog: Global Network Auto-Login (using HTML5's local storage)

Related

Can I have the same session for two Laravel projects?

I have two Laravel projects on the same server (mydomain.com and sub.mydomain.com) with different databases, but the user IDs are the same.
I want the session to be the same on both platforms. How do I do this? Is it possible?
According to this answer, you first have to set the cookie domain to ".example.com" to enable sharing across subdomains.
To answer in a more Laravel-specific way, you have to change the 'domain' value in the config/session.php file. Beware of implications when in a local environment.
Also, some things are to be taken into consideration. If the two domains are different Laravel apps, please ensure that they share the SAME APP KEY so that cookies are valid on both apps, and that they share the same session storage (same db table, or same folder path, adjust to whatever driver you use).
Beware that by sharing the APP KEY, compromising one app will probably enable the attacker to access the other one (which makes sense, as a real user that has access to one will have access to the other). To be more secure, look into OAuth providers that will enable the user to access apps with a single shared login system.

Sharing variables between WordPress and CodeIgniter

Currently I want to share a variable (cookie) between a WordPress (WP) application and a CodeIgniter (CI) application.
Both applications have the same hosting:
the WP application is using the domain,
and the CI application is using the sub-domain.
They both share the same database and tables.
The main problem I am trying to solve is that I do not want the users to use the same credentials to log in to WP, and later on to CI. Once they are logged in on WP, they do not need to log in again on CI ... the same goes for the other way around.
I did some searching and came across a couple of solutions, but I didn't understand them; that is why I decided to ask the StackOverflow community.
Any help, a link, description, answer is appreciated. Thank you guys.
You can set the domain in the cookie.
Your application requires the cookies to have the domain field set to the primary domain. In this case, the cookie will be available on the primary domain and subdomains. Set domain in cookie = main domain. Do the same in the WP and CI apps.
From php.net:
domain
The (sub)domain that the cookie is available to. Setting this to a subdomain (such as 'www.example.com') will make the cookie available to that subdomain and all other sub-domains of it (i.e. w2.www.example.com). To make the cookie available to the whole domain (including all subdomains of it), simply set the value to the domain name ('example.com', in this case).
Older browsers still implementing the deprecated RFC 2109 may require a leading . to match all subdomains.

How to make crossdomain authorization?

There are 2 domains on one server. If a user is logged in on one domain, he has to be logged in on the other domain too.
How to make cross-domain authorization in PHP on one server?
I solved it for sub-domains, but can't solve it for different second-level domains.
The main problem is that the cookie isn't sent by the browser if you're on another domain.
You can't make the browser write a cookie for another domain, either.
What can be done is to send a unique token to the other domain and, when validated, write a cookie on the second domain. That can be done when authenticated, using an iframe or a double redirect (iframe cookies are blocked by some browsers, like Safari). The unique token will have to be validated by the second domain, and then invalidated (removed) so it can't be used again by another user (man-in-the-middle attack).
You must research CAS and implement it depending on what framework you are using. For example, in my Zend application I would use Zend_OpenId and Zend_Oauth.
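
The one-time token handoff described in the answer above, as an added example (not code from the original answers). The HandoffStore class, the in-memory array standing in for the database both sites share, the 30-second lifetime and the host names are assumptions.

```php
<?php
declare(strict_types=1);

// Stand-in for a table in the database both sites share (assumption).
// Rows are keyed by SHA-256 of the token, so a leaked table holds no usable tokens.
final class HandoffStore
{
    /** @var array<string, array{uid: int, aud: string, exp: int}> */
    private array $rows = [];

    // Runs on the domain where the user is already logged in.
    public function issue(int $uid, string $audience, int $now, int $ttl = 30): string
    {
        $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $token)] = [
            'uid' => $uid, 'aud' => $audience, 'exp' => $now + $ttl,
        ];
        return $token;                        // carried in the redirect URL
    }

    // Runs on the second domain. Returns the user id, or null when rejected.
    public function redeem(string $token, string $host, int $now): ?int
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        unset($this->rows[$key]);             // invalidate first: single use
        if ($row === null || $now > $row['exp'] || !hash_equals($row['aud'], $host)) {
            return null;
        }
        return $row['uid'];
    }
}

// Constructed walk-through: fixed clock, hypothetical host names.
$store = new HandoffStore();
$t0 = 1700000000;

$token = $store->issue(42, 'domain2.example', $t0);
var_dump($store->redeem($token, 'domain2.example', $t0 + 5));   // first use
var_dump($store->redeem($token, 'domain2.example', $t0 + 5));   // replay of the same token

$late = $store->issue(42, 'domain2.example', $t0);
var_dump($store->redeem($late, 'domain2.example', $t0 + 31));   // past the 30 s lifetime

$other = $store->issue(42, 'domain2.example', $t0);
var_dump($store->redeem($other, 'domain3.example', $t0 + 1));   // host it was not issued for
```

With a real database the lookup and delete in redeem() have to be one atomic step (for example a DELETE whose affected-row count is checked), so two concurrent requests cannot both redeem the same token. The second domain writes its own session cookie only after redeem() returns a user id, and the redirect carrying the token should use HTTPS.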

Single sign-on for multiple dokuwiki installations

I have a server on which I am using dokuwiki to host both a homepage as well as a wiki. The server is available under www.domain.com and the wiki is available under wiki.domain.com. Internally both subdomains are served from different directories.
However, this means that everybody who wants to sign up has to sign up for both domains and manage a duplicate set of user accounts for both subdomains.
What I would like is to have a system where anybody can sign up on both pages and only has to log in on any of the domains to get access. ACL should still be managed separately for both domains, since I might use namespace names multiple times.
I looked through the list of DokuWiki auth plugins, but I was not able to find anything useful for this purpose. Another idea would be to just soft- or hardlink the auth data directory in the two installations. However, this would still mean users would have to log in multiple times. Also, I am not sure whether my hoster actually allows such directory links, or if this might mess up the two installations.
Is there any other way to create such a setup?
A DokuWiki farm setup might help with having the same user database for both sites. Symlinking the user file is another way.
More complicated is to share the cookies between both domains. I'm not sure how to approach this best. Maybe others can offer some ideas.
Well, since this is on the same server, just across your various subdomains, I would imagine you would want to store the user info, including logins, in a shared database, so that no matter which app/subdomain is used, you insert their registration data into and query for their login info from the same database. Then it's a matter of using PHP sessions for keeping track of whether they are logged in across subdomains. There is already a lengthy stack on how to achieve that here:
PHP Sessions across sub domains
Try setting the Cookie Domain to .yourdomain.com
This means your browser will deliver cookies to subdomains of yourdomain.com.
So cookies will be shared among www.yourdomain.com and wiki.yourdomain.com

Cookies & multiple domains with PHP

I have a website which creates a cookie and I want to use this cookie in my application on Facebook. Is it possible? If not, any idea how to receive information from my website and pass it to Facebook?
You can't share cookies across domains - just subdomains. That's by design, and important (tm).
Can you have the user log in to your site using Facebook Connect to share a session across the two sites?
Just as Andy said, you can't share cookies across domains and this is an important security feature. Another thing you can't do is make cross-domain AJAX requests.
What's odd about your question is you're asking about a Facebook application. Facebook applications are not hosted by Facebook, so therefore you are hosting the application yourself. Since you are hosting the application yourself, it is possible you're hosting the application on the same server and even domain. Therefore, if that is the case, as long as your Facebook application is using an iframe and points to the application hosted on the same domain, you can have cookies accessed from both the application and the website. But again, I repeat, this is only if your Facebook application is using an iframe and pointing to a domain that is the same as your website.
Tip: If your application or website is a subdomain, make sure to put a dot before your cookie to make it accessible on all subdomains. i.e. .domain.com
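
The cookie Domain setting recommended in the Laravel, WordPress/CodeIgniter and DokuWiki answers and in the tip above, shown as the domain-match rule browsers apply (RFC 6265). This is an added example, not code from the original answers; the function name and host names are assumptions, and public-suffix checks and host-only cookies are not modelled.

```php
<?php
declare(strict_types=1);

// Domain-match as browsers apply it (RFC 6265, sections 5.1.3 and 5.2.3).
function cookieIsSentTo(string $cookieDomain, string $requestHost): bool
{
    // A single leading dot in the Domain attribute is dropped, so
    // ".example.com" and "example.com" scope the cookie identically.
    if ($cookieDomain !== '' && $cookieDomain[0] === '.') {
        $cookieDomain = substr($cookieDomain, 1);
    }
    $domain = strtolower($cookieDomain);
    $host   = strtolower($requestHost);
    if ($domain === '') {
        return false;                         // no Domain value to match against
    }
    if ($host === $domain) {
        return true;
    }
    // IP addresses only ever match exactly, never as a suffix.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    // Otherwise the host must end in "." + domain, i.e. on a label boundary.
    $suffix = '.' . $domain;
    return strlen($host) > strlen($suffix)
        && substr($host, -strlen($suffix)) === $suffix;
}

// Constructed host names; none come from the original page.
$hosts = ['example.com', 'www.example.com', 'wiki.example.com',
          'uploads.wiki.example.com', 'notexample.com', 'example.org'];

foreach (['.example.com', 'example.com', 'www.example.com'] as $cookieDomain) {
    $receivers = array_filter($hosts, fn($h) => cookieIsSentTo($cookieDomain, $h));
    printf("Domain=%-16s -> %s\n", $cookieDomain, implode(', ', $receivers));
}
```

Widening Domain to the parent domain sends the session cookie to every subdomain, including any that serve less trusted content, so each of them becomes part of the session's trust boundary. A different registrable domain never matches, which is why the cross-domain questions on this page cannot be solved with the Domain setting alone.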
