I'm building a custom .net web app with a wordpress frontpage and CMS.
I'm using session variables to check if the user is logged in to the web app.
What I'd like to be able to do is display on wordpress whether or not the user is logged in to the webapp.
Is this possible and if so does anybody know how I would go about doing it?
Thanks,
Andrew
Use a cookie and a database. The cookie contains some unique ID for that session, which you store in the database. Nothing specific to asp.net or php about cookies. Either app can obtain the key from the cookie, and look up the session info in the database.
Related
I am new to Blazor and I am creating a prototype website for a project. I am aware of the Blazor Authentication/Authorisation function but I don't want to use this. Is there an easier way to store the logged in users id such as the way you can store this with PHP start/end sessions for logged in users?
You can use browser local storage or session storage to store user id. ProtectedBrowserStorage library may help you
I have built the the bridge between my system and smf which is working. It sets the cookie using the smf api then allows the user to login. But when the users goes back to my site which is a custom built site using standard sessions the user is logged out.
I am using the smf_1-1_api.php include to accomplish this.
with this code
smf_setLoginCookie(21600, $user['login'], $passwd, true);
smf_authenticateUser();
Thanks in advanced for your help
I thought I might build a bridge back to my site which logins me back in?
This was from the session name was the same on both applications. I simply change the session name in my app and it no longer logged me out.
There is a portal that a company's users are familiar with, and we will put a link to login to a different portal on a different machine. This process would not require username/password check, just hitting the link will log them in.
How can this two delivered in secured way? We don't want that anyone with the link to be able to log in, how can we make this to work between the two platforms?
I'm presuming the two portals aren't able to share sessions/cookies. If they are you can just use those to keep track of who is logged in where.
In the situation where that's not possible, you could use an authentication API, which you could query to see if a given user_id is logged in on that portal. This could be a very simple API which returns a yes or no, or you could develop it to be more complex.
Additionally keep in mind that there are Open Source choices out there. Open ID is a system that stackoverflow uses, for example.
Easiest method would be script on main site, that waits for session ID in POST/GET input, if session exists, it outputs user name. The new site server, when user comes in, reads in cookie with session ID, sends a request to main site server script and asks if session ID exists, if exists, uses that user name, for new site server.
I've been following the guide here: https://developers.facebook.com/docs/authentication/
Once I have the server-side flow section working and have access to the accounts information is the idea to then store that information in my database and create a session for the user? That way they can log in and out of my site?
If not, how does my site access the user's information and log the user out when needed?
Thanks!
i check if the user is already saved in the DB, if not i create the users account and then save the info in the session (login the user on my site).
I prefer to use the php SDK provided, because it's easier to call the fb api, and i mix it with the Javascript SDK, to show the login buttons and pop-up... also for the like buttons
Good Luck
I am writing an application in CodeIgniter and I have concluded that it's best to write two applications. One for back office and one for client use.
I would like to have just one login screen. It will be in the back office application but if a client user logs in then I want to redirect to the client app and create a session there. The database user table stores the user type i.e. client or admin.
I have come up with the following solution. As I want to this the correct way I said i'd run it by you guys to see what ye think.
User logs into admin CI app.
Admin CI app verifies user and determines type. If admin then go ahead and create session etc.
If the user is a client then MD5(user_ip+timestamp OR make a secure token some other way) and store in a token field (user_table) in DB.
redirect the user to the client admin via a login page. The paramters would be the token and username. The login function would then go to that user in the database and verify the token.
On successful authorization of token the CI client app would start a session and let the user in.
This seems like a very long winded method. Ideally there would be a way to start a session for one CI app from another?
Any ideas?
Thanks.
Once you've verified admin or client, I would use the CodeIgniter session class with the ci_sessions table in your database.
http://codeigniter.com/user_guide/libraries/sessions.html
Then to distinguish users from client or employee add a variable to the session.
$this->session->set_userdata('user_type', 'client');
Then just use that if ever you need it.
I would go about making 2 applications under HMVC (Hierarchical-Model-View-Controller) framework.
HMVC CodeIgniter Tutorial
Then you can go about using same sessions under multiple applications, as well as use the same models for user management, etc..
HMVC helps you modularize your applications, thus if you want to add more applications in the future, you can easily do that, passing over same sessions and such.
I answered your question in a bigger scope, one central login with 2 apps, best should be done with HMVC.
:)
Might wanna check out BackEndPro for CodeIgniter, could save you a lot of time.
Includes:
User Authentication with registration & account activation
User Permissions by using ACL (Access Control Lists)
Admin GUI backend for editing Site-wide Preferences
Built on Matchbox (for Modular development)
Asset Library (optimize, cache, and load JS & CSS)
ReCAPTCHA
Status messages (info/success/warning/error messages for the user)