Magento2 share only user login on multiple website - magento

I am trying to implement a common login for a group of sites in a multi-website setup.
Suppose we have one site which has multiple currencies, and each website has different payment, price and inventory.
Example: uae.abc.com, in.abc.com and uk.abc.com all belong to the abc.com group of websites and should have a common login; it would be similar for the xyz.com websites.
If we use customer scope as global, then once a user has registered, the user can log in to all sites, whether they are in the group or not. We are trying to fix this with the code below, to give access within the same group while using customer scope as website.
I have overridden Magento\Customer\Model\Config\Share:

    public function isWebsiteScope()
    {
        // First set of store IDs: report that customers are not website-scoped
        if (in_array($this->_storeManager->getStore()->getId(), [1, 2, 3, 4])) {
            return 0;
        }
        // Second set of store IDs: same result
        if (in_array($this->_storeManager->getStore()->getId(), [5, 6, 7, 8])) {
            return 0;
        }
        // All other stores: fall back to the configured sharing option
        return $this->_config->getValue(
            self::XML_PATH_CUSTOMER_ACCOUNT_SHARE,
            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
        ) == self::SHARE_WEBSITE;
    }

But login is not working. Can anyone help me with this?
Thanks in advance.

If you want to have a single account for all multi-stores, you have to do the following:
1. Share customer accounts.
You can configure this feature here: System -> Configuration -> Customer Configuration -> Share Customer Accounts.
2. Share sessions between Magento websites.
There are 3 possible store configurations:
- If your websites are located in one domain, but in different directories, e.g. "www.example.com/stores/store1" and "www.example.com/stores/store2", you can set your "Cookie Path" to "/stores/" in System -> Configuration -> Web -> Session Cookie Management.
- If your websites are located in different sub-domains, e.g. "store1.example.com" and "store2.example.com", you can set "Cookie Domain" to ".example.com" in System -> Configuration -> Web -> Session Cookie Management.
- If you have different domains, you can add the session ID to the URL for another store. Use the construction "Mage::getModel('core/url')->addSessionParam()->getUrl('...')" to get the URL with the session parameter.
After that, your customers will be able to switch between multi-store Magento websites without logging in again. In other words, if a customer logs in to one Magento website, he will be able to see another multi-store Magento website using his first store account.
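The effect of the "Cookie Domain" and "Cookie Path" settings described in this answer can be checked with the RFC 6265 matching rules that browsers apply. This is an added example, not code from the answer or from Magento; the hosts blog.abc.com and notabc.com are hypothetical, and the other inputs are constructed from the host names on this page.

```javascript
// Added example: which URLs a browser attaches a session cookie to,
// following the RFC 6265 domain-match and path-match rules.

function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (h === d) return true;
  // Suffix matching never applies to IP address hosts.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends on a "/" boundary.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

function urlsReceivingCookie(cookie, urls) {
  return urls.filter((url) => {
    const u = new URL(url);
    return domainMatches(u.hostname, cookie.domain) && pathMatches(u.pathname, cookie.path);
  });
}

// Constructed inputs using the host names from the question and the answer.
const groupCookie = { domain: '.abc.com', path: '/' };
const groupUrls = [
  'https://uae.abc.com/checkout',
  'https://in.abc.com/',
  'https://uk.abc.com/customer/account',
  'https://blog.abc.com/',   // hypothetical non-shop host under the same parent
  'https://notabc.com/',     // hypothetical look-alike: suffix without the dot boundary
  'https://xyz.com/',
];
const pathCookie = { domain: 'www.example.com', path: '/stores/' };
const pathUrls = [
  'https://www.example.com/stores/store1',
  'https://www.example.com/stores/store2/cart',
  'https://www.example.com/blog',
];

console.log(urlsReceivingCookie(groupCookie, groupUrls));
console.log(urlsReceivingCookie(pathCookie, pathUrls));
```

The .abc.com cookie reaches every host under abc.com, including ones outside the shop group, and never reaches xyz.com, so a cookie-domain setting covers one parent domain only.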

I think that would be prohibited by either browser Content Security Policy or website XSS prevention. You could try a Microsoft-based sign-in system so you could have user data retrieval from a third database that only allows data to be accessed by the accounts that add it. Then, you also would get all the benefits of Microsoft security.

Related

Apply access control to sub page with custom domain

I have a main website example.com, developed using Laravel. This website also provides a personal page for subscribed users at example.com/user1, example.com/user2, etc.
Currently, I control the access by URL, by verifying whether the username in the URL belongs to an active user or not.
However, I'm planning to give the URL its own domain. I have read about using DNS & htaccess, but it has to be done manually for every single user. I'm planning something that can be controlled programmatically.

Magento Password Reset Link

We run a multi-store/view Magento site. Let's say our site is called www.domain.com (running the "retail" store) and another URL, trade.domain.com, runs the "trade" store.
When a customer requests a password reset from trade.domain.com, they get a password reset link like this: http://trade.domain.com/customer/account/resetpassword/?id=12&token=84fb6f65548995191e526b815982bf23
Clicking this link redirects to the login page with the error "Your password reset link has expired."
However, if you replace the "trade" in the domain with "www" like this: http://www.domain.com/customer/account/resetpassword/?id=12&token=84fb6f65548995191e526b815982bf23
The password reset appears to be working correctly.
Any idea why this is happening? Have I configured Magento incorrectly? Is this a known bug?
Customers are shared either per website or across all websites, so at least, a customer account is usable on all of the store views that a website contains. Consequently, it is normal that the password reset link works for your store views.
In fact, if you would like to separate the customer accounts between your store views, you would have to create separate websites that would not share customers.
Is that subdomain password protected? That could be a problem or if subdomain is set up with a password protected extension, they won't be able to access example.com/customer/account/changeforgotten/ without already being logged in. So you'll have to allow them access to that url first otherwise it'll keep redirecting. I had the same problem.
Check the cookie domain for the website trade.domain.com. In Magento 1 it's in System->Configuration->Web->Session Cookie Management. (Make sure that you change the scope in the top left to the website you want to update it for.)
I have a store that has multiple websites, each with their own view and does not share accounts across websites, and had the same problem. Changing the cookie path fixed it for me.

Magento Multi Store Customer Combined Login Credentials

I have just added another website to my Magento eCommerce site and I would like my existing customer base to be able to log in to the new website with the same username and password that they have registered with for the original site. I also need any customer who signs up in the future to be assigned to both websites.
When I go to edit a user there is a drop-down box to say which website they are associated with, but the field is disabled and doesn't look like a multi select drop-down. Which would suggest to me that Magento isn't set up to share details between websites.
Does anyone know if this is possible?
In the admin, under System > Configuration > Customers > Customer Configuration > Account Sharing Options, you'll be able to choose between sharing accounts per website or globally.

Cookie across different domains

I am working on building a learners website (http:localhost:8080.xyz.com). This is being built on a GlassFish server using GWT. I need to integrate forums (http:localhost:8888.abc.com) into this site. The forum is built using PHP and is on an Apache server.
Both the websites share the same MySQL database, and this database has a table named session table which has information about the user ID and corresponding session ID.
Now I am trying to integrate the forum into my website using an iframe.
My first question here is: once the user logs in to my website, will my website and the iframe have the same session ID?
If they don't have the same session ID, what would be the best way to implement the functionality that when a user logs in to my system he is also automatically logged in to the forum?
Thanks
Easy solution:
Send the user (via iframe or ajax or whatever) to a page on domain B, providing the session ID as a GET parameter (http:localhost:8888.abc.com/sso.php?sessid=the_sess_id), then create the cookie on domain B.
More complicated solution:
Set up one of the two servers as a reverse proxy so both apps share the same domain and cookies.
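Both URL-based handoffs on this page (addSessionParam() for different domains in the Magento answer, and sso.php?sessid=... here) put the session ID itself in a GET parameter, where it ends up in server logs, browser history and Referer headers. The sketch below passes a signed, short-lived, single-use token in its place, and the receiving site starts its own session after verifying it. It is an added example, not code from either answer; the key provisioning, the in-memory nonce store and all function names are assumptions.

```javascript
// Added example (not from the answers above): a signed, short-lived, single-use
// handoff token passed in the URL in place of the raw session ID.
const crypto = require('node:crypto');

const SHARED_KEY = crypto.randomBytes(32); // assumption: provisioned to both sites out of band
const usedNonces = new Set();              // assumption: a shared store (e.g. the common DB) in production

const sign = (payload) =>
  crypto.createHmac('sha256', SHARED_KEY).update(payload).digest('base64url');

// Site A: issue a token for an already authenticated user, bound to one audience.
function issueHandoffToken(userId, audience, nowMs = Date.now(), ttlMs = 30000) {
  const payload = Buffer.from(JSON.stringify({
    uid: userId, aud: audience, exp: nowMs + ttlMs,
    nonce: crypto.randomBytes(16).toString('hex'),
  })).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Site B: verify the token, then start its own fresh session for the returned user ID.
function redeemHandoffToken(token, expectedAudience, nowMs = Date.now()) {
  const [payload, mac] = String(token).split('.');
  if (!payload || !mac) return { ok: false, reason: 'malformed' };
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison; the claims are parsed only after the MAC checks out.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (claims.aud !== expectedAudience) return { ok: false, reason: 'wrong audience' };
  if (nowMs > claims.exp) return { ok: false, reason: 'expired' };
  if (usedNonces.has(claims.nonce)) return { ok: false, reason: 'replayed' };
  usedNonces.add(claims.nonce); // single use: a copied URL cannot be redeemed again
  return { ok: true, userId: claims.uid };
}
```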

Handling authentication with multiple membership providers

I have a web app using custom membership providers to access admin and inventory pages, each in a separate folder for different users from different database tables (hence the custom membership providers).
There are other pages in the root and other folders which are for guest visitors.
I have a login form for the admin and the inventory sections in the root which calls the appropriate membership provider for authentication and redirects to the corresponding page upon successful login.
Since I can have 1 authentication form entry in the web config, how can I set up the app to send to the correct login form?
(like an httpApplication.Authorize event)
My first thought was to have an HttpModule that checks the path and if the inventory or admin folders are in the path and the user is not authenticated then redirect the user to the login page.
Is that the best approach? Is there another way?
Thank you
You could have a web.config file in each of your protected folders, and each referencing its own login page and membership providers. This would be much simpler than trying to decide which provider to use on a single form.
