Can any one please help with a simple JS and PHP code I could use to achieve end goals below:
Domain 1: api.example.com (Simple HTML and PHP application)
Domain 2: portal.example.com (WordPress installation)
Make Ajax request from Domain 1 to Domain 2 to check if user is logged in to WP, if yes they are allowed to do stuff on Domain 1.
Related
I am trying to implement multi tenancy where each registered user will have their own subdomain -e.g. user_subdomain.example.com
My users authenticate on example.com - how can I redirect them to their subdomain on successful login/registration? -For example to user1.example.com
Check out the documentation, Laravel has a handy way of doing this:
https://laravel.com/docs/7.x/routing#route-group-subdomain-routing
check this example https://medium.com/#pagcosma/multi-subdomain-sessions-in-laravel-40fd31b199fa
I have doing tests with succes ;)
Important
I have tried many answers right here published but no one worked for me.
I have installed a fresh copy of Laravel 5.8 including the scaffolding about authentication with:
php artisan make:auth
After that in my localhost redirecting works fine when the users register with name, email, password, and password confirm.
Nevertheless when I upload it to my shared hosting:
I can:
Access to register form
Register a new user
Redirect to login form
But it fails when:
I try to login in with my email and password it only reloads the window of the browser and stays in the same page (login form)
This is strange for me because:
Works fine in localhost
No errors 500
The network tab only shows a 200 code status
Laravel log is empty
I have tried with:
protected $redirectTo = "home";
But anything happens, only the same behavior
I need to say that:
No roles
No third packages only the basic authetication system
You mention when I upload it to my shared hosting - Laravel requires some setup/installation, simply uploading is not enough. Specifically you need to set permissions on several directories. Without correct permissions, your web server cannot create session files. If it can't create session files, logins will fail - and that's exactly what you are seeing.
Update: fixed Laravel 7 link for Laravel 5.8
I have two angular applications, one is for services I have listed, other is admin login and admin uses.
For 1st Application eg URL: https://example.com/
For 2st Application eg URL: https://example.com/administrator/
If I entered URL like https://example.com/administrator/login, it going to first application, how to navigate URL's like above to my second application.
How to handle this problem?.
I think you can use different modules for different tasks. Such as for users redirect to nomal url https://www.example.com and for admin or administration use https://www.example.com/admin.
.
And use canActivate guard for admin login.
Example... You.can.see my website designed in Angular.
https://www.aman-g.com
I am new to Laravel. I have created a domain and subdomain with a specific domain group.
domain.com
admin.domain.com
On my domain.com a user can login. And in the subdomain admin.domain.com an admin can login. The problem Im having is when a user is logged in the root domain the admin subdomain is also logged in. I want the root domain and subdomain to be of different sessions. Please help!
This problem is not on framework, I got this problem when I worked with Yii 2.0 too, the issue because sessions general from application key, the solution is make key different between root and subdomain.
The solution here is you have to general another Laravel Application key on your subdomain follow the document:
php artisan key:generate
Application key [Idgz1PE3zO9iNc0E3oeH3CHDPX9MzZe3] set successfully.
2 keys in root and subdomain have to different.
Hope this help.
Laravel by default uses a single cookie to keep session data and manage its authentication system, thats why your user keeps logged across your subdomains, because your cookie is still there.
In this case I think you have 2 options:
1st: Create a different auth system using middlewares for each subdomain group to manage sessions (lets say you create/read a different cookie for each subdomain, but this could be a little bit tricky if the same user want to use the app across different subdomains at the "same time").
2nd: Use a different session driver (lets say database e.g.)
i'm trying to create a web app with back and front end separated, so there is two project here. The reason is there is a plan in the future to create mobile version as well, so i made it decoupled.
Just FYI the back are created with PHP using laravel4 and barryvdh CORS
and the front end are created purely with angularjs and bootstrap.
The current situation is that i create a rest API in my back end app to do login, auth, and logout.and in the front end i have 2 pages, which is login and index page.
Login page are composed of username, password input field and submit button,
when user click submit button, it will call the login rest API from the back end and i expect it would persist cookie to the front end page if login success, but it doesn't (because of cross origin policy, i've research as much).
The question is, is there any way to set sessions across domains now it is 2014, where any article i found are from 2012 older. If it's not possible, what's the easiest way to persist session across domain besides OAUTH2 and openID (because their learning curve are just too steep, the application i'm creating are just small app)
Thanks for your assistance.
what I have done so far to work with cross-domain sessions is to create a "passport" service on a another domain and validate & handle the session from the there.
For example...
domain1.com has webserver1
domain2.com has webserver2
passport.com has webserver3
Whenever I connect either to domain1.com or domain2.com I'm including a line at the very top of the script index checking on passport.com/check.php whether there's a browser session already initialized under the name of "PASSPORT", if so, I finish the checking on passport.com and let the script on domain1.com or domain2.com to do their stuff.
In case the browser session wasn't initialized, the check.php will redirect the index via header() to the login.php page. This will validate against LDAP and if binding the user is OK then the browser session is initialized with the name of "PASSPORT" and including all the fields I need furthermore to validate the user and its accesses. Ref back to the index once is done.
When the user goes from domain1.com to domain2.com (or the other way around) the script included at the top of each index will check the session again all the time, taking the user to the login script or letting him access the required site.
As additional checking you can create the session and add variables such as "valid until", "access level", etc.
Hope this helps and if you need further clarification let me know.
Best,
Emiliano.