I have an application of laravel that is on main domain i want to share session with subdomain.com which is on magento ! there would be a button on main website on laravel dashboard to go to store of magento and when user lands on it session should be created automatically like single sign on, how to achieve this?
There is many approach for example in micro service architecture there is special engine (app) to manage authentication, but for now
To keep your sessions going across multiple domains, you need to use
session_set_cookie_params(). With that, you can specify your domain. For example...
session_set_cookie_params(10000, "/", ".main.com");
That will set the session timeout at 10,000 seconds for all documents under the site root, and for all subdomains of main.com.
You should call session_set_cookie_params() before you do session_start().
Note: to achieve this functionality there is bunch of method but keep your own track and dive deep in all approach s
Related
I have a website, running on Laravel 8 and Vue.js 3. Admin panel's front-end is completely on Vue, while guest users are served with Laravel's blade.
I have worries about unauthorized client's possibility to inspect admin panel's code on login page, as it's part of Vue.
Of course, client will not get any information from server, without authentication. All she/he can see is blank panel with no information at all.
So the problem is, client can analyze a whole functionality of code, view all routes that is used to manage site content. This gives full information to security researchers where to target, what to send and what to expect.
Also, I know about Asynchronous Components, but this is not answer here, as those component's are named by predictable names. So it's possible to get whole working code anyway.
If I will make subdomain separately, those subdomains can be also scanned and exposed. As managers are working from separate locations, denying of route, based on IP address is also not solution.
How to control this from Laravel, so only authenticated users can see panel's code? Should I try to fix this at all?
The way I do is by compiling two differents files using webpack and a logical test whitin the blade file.
So, depending on the user type, the page will load differents files, but I do not mind them staying in the public directory. I put every administrator request inside an administrator middleware.
You can make laravel moving files from public directory and an another one using some sort of control. Exposing your admin files only when an administrator request a page and until the load is done. I know this is possible, I never tested it myself.
I have created an application with Laravel 7 that contains users that can log in.
In parallel, I create a showcase site for the application (another domain) and essentially html/css.
I would like on this showcase site to propose login and registration buttons if there is no user connected to the laravel.Otherwise I would just like to propose a "Dashboard" button if a user is connected to the Laravel application.
How to do that? I confess that I'm a bit lost. Thanks for your help.
You need to create an API on the laravel app which will be used by the "showcase site".
To login and authorize themselves you can use JWT
to keep user data and use it on the showcase site you can either save them in
localstorage (just be careful not to save any sensitive data there as people can take that information in case of XSS vulnerable)
indexdb
cookies
None of these methods are safe. They can be exploited using XSS so i advice on using JWT to secure sensitive data.
I have a live application for my app,(say at mysite.com). As part of my customer on boarding, I have a demo site at (demo.mysite.com), this is where I show potential customer what the app can do, etc. (Different databases and url). In order manage my system, i created also an admin panel on my live site.
Is it possible for me to control the demo site from my live site admin panel. I need to perform activities like,
After a user signs up on live site for a demo account, I create a demo customer via the admin panel after reviewing the request. Which means I need to access the demo site via controller to make a new "demo" customer model, is this possible? I know that I can make multiple mysql connections from live. But how can I perform Eloquent model operation from my live site?
Should I set up a different set up for my demo site.? Is this over complicated? I can set-up a demo accounts for my potential customers on my live site as well. I chose this set up thinking that it's safer in terms protecting data on my production site.
$demoUser = App\User::on('demo')->create([
//your attributes
]);
Here is an example how you can achieve an Eloquent operation on another connection. The on method returns a Illuminate\Database\Eloquent\Builder instance, btw you can go on and do whatever you want.
just finishing up building a vehicle and customer management system for a car sales. Everything is pretty generic so was exploring the possibility of creating a service from it.
What sort of options are there for keeping and managing a single code base and database but only retrieving client specific data.
The app is API driven using Laravel and a VueJS front end.
My aim would be for a client to purchase a domain and then be able to point this domain to the Forge server IP as normal.
I would still have the site created on Forge, but would just have an ENV file within it that contained specific requirement data.
But they how could I get all these sites to use the same codebase? As in, I would want a single site set up that contained all the code but the various sites could use this?
Hope some of this makes sense, any information into keywords or links would be great for what i'm trying to achieve.
I have implemented many multi site implementations in the past, so I get how to set up the environment. What I haven't done, is set up multiple websites that can share the same cart session.
So if you are on site1.com and add something to your cart or are logged on, when you go to site2.com you are logged in and have the same items in your cart.
From what I read around the forums, well there isn't much about the best way to share session. But I do know that using the configuration to enable SID on the frontend will pass the session id if you transfer between sites. I figured this is all you need to have, but I see where people are saying that only stores can share checkout sessions and that stores can have their own domain.
I am thinking the best way to do this is to setup multiple websites not one website multiple stores and then just make sure when linking to the other site, I use proper magento url methods to build out the link and it will pass over the SID and the users session will be transferred over.
Is this the preferred way to do this? Is there anything I need to know in terms of configuration? Is there any negatives doing it this? Is there a better way?,
Well if you want to have such possibility only for logged customers then i propose to you to use sales_flat_quote table which is represented by Mage::getModel('sales/quote').
With this model you can manage cart and focus only in passing customer identifier which would bring us to security subject... How would you pass customer identifier in secure way as SID isn't very secure.
Plus SEO doesn't like SID in URL from what i've heard.