I need to share session values between domain A and domain B.
I am trying to login to domain B,the code for login and signup are written in domain A. Once logged in the user will be redirected to domain B.The problem i am facing is that i am unable to fetch the unique id of logged in user which is stored in session. Call to login function is made via an API.I am able to store and fetch the session value on the same page. But when i try to fetch the session value in different page, its showing null.
Note: domain B is not a subdomain. They are two different domains.
Can anyone help me in solving this issue?
Related
I have two domains (ex:a.com,b.com) with the same Database, need to log in whenever logged into the alternate domain.
if a.com was logged in b.com also wants to log in
I already tried calling curl URL and passing unique id and get user details from the database using unique id and start the session and set session values to the variable, the session was set and got in response but the second domain was not logged in
Good morning!
Here is the problem i'm facing: (i'm using NuxtJs and Laravel Sanctum)
I have a domain : 'testingdomain.com'
And with this main domain i have subdomains such as :
myfirstdomain.testingdomain.com
myotherdomain.testingdomain.com
connexion.testingdomain.com
my application work this way: i have the connexion.testingdomain.com that help my users getting redirected to the corresponding url for example:
A user 'john.doe#gmail.com' is registered in a company that use the url 'myotherdomain.testingdomain.com' so whenever he write his mail in the input displayed in connexion.testingdomain.com, he will be redirect to the corresponding url which for this example is -> 'myotherdomain.testingdomain.com'.
However if the user is logged in 'myotherdomain.testingdomain.com' and re-enter the 'connexion.testingdomain.com' i would like him to be redirected to the subdomain where he is authentified but i do not know how to achieve this because i can't access the $auth state from the 'myotherdomain.testingdomain.com' (he is logged so this.$auth.loggedIn is true) in 'connexion.testingdomain.com' (this.$auth.loggedIn is set to false)
Has anyone faced a similar problem and could help me ?
Thanks
I developed a multi-tenant database schema. Each subdomain connects to its respective database. Each schema has, for example, its own user table, therefore, when the user accesses the url of his own subdomain, Laravel authentication uses respective user table.
Everything is going very well, but the 'challenge' now is, I need a form where the user can select which domain he wants to connect to, but in that same form he already gives his username and password.
The point is:
You can authenticate to a particular subdomain (example: AAA), using the credentials for that subdomain (AAA) but with the form open on another subdomain (COMPANY NAME CCC), and if redirected, with authentication done to AAA subdomain?
Should I extend the class 'AuthenticatesUsers' and/or LoginController? I know that in the Laravel documentation there is a section 'Manually Authenticating Users'.
But if user is in the URL of CCC subdomain but user wants to be authenticated to AAA subdomain, I 'imagine' that AUTH facade, this will use the USER model of CCC subdomain, if this is true, so I think, I would need to be redirected first to the AAA subdomain and do an authentication after redirection, or I can authenticate first, create the authentication session from another subdomain, before redirection?
I have this web app written in AngularJs that uses cookies to authenticate the requests in a REST API.
Once the user logs in, the cookie is received and saved in the browser and all subsequent requests send the cookie along to the server. There is a 'User' service/object that saves the isLoggedIn and username values (for UI display/flow). Now, if I refresh the 'index' page, the app restarts. This means that my 'User' object will be cleared. I can check the existence of the cookie and, if it exists, I can re-set the User.isLoggeIn as true and go from there, but I still need to get the username, id, etc. So, my question is: should I create some sort of 'ping' endpoint in the API to verify if a cookie is valid? And if so, the API would send me back the user id and username... OR should I persist the user data in LocalStorage (or some similar cross-browser thing) and just assume the user is logged if the cookie exists? Any other subsequent requests to pages that need authentication would be automatically verified. So, this question really only applies to the scenario where the user refreshes the index page - hence, restarting the web app. I want to know the user data because I want to show a 'user homepage' instead of the 'public homepage'.
What do you think?
You should depend on the server for this. Creating something like GetCurrentUser method on the server. If the user is logged on this returns all the properties of the user.
You should even use this server api to get the user data after authentication completes. So the authentication become two step process first the user is authenticated, on success another call is made to server to get current users details.
Using client side local storage for this would not be ideal because you need to do lot of book keeping, in terms of cleaning the logged in user on log out or session expiration.
Also cookies from server would have expiration times an all, and making decision just based on cookie existing on local storage may not be optimal approach.
I'm maintaining a system built in ASP.
The login process is in SSL. Meaning, when the user clicks on "Login", his user name and password are sent securely to the server.
The login process produces a Session object, which is the ID of the now logged-in user.
After finishing the login process, the page redirects the browser to a non secure page. This page tries to access the ID Session object.
Until last week, this worked fine. Our system was running on IIS6.0, and the non-secure page could access this Secure ID Session object.
However, after switching over to IIS7.5, this inevitable security hole was closed(or so I assume). The non-secure page cannot access the Secure ID Session object anymore.
Access to the object is done simply like this:
string ID = Session(SESSION_USER_ID)
just to check things out, I tried access a non-secure Session object from the Secure login pages - this failed as well.
Is there any way to access a Secure Session object from a non-secure page?
BTW, I've probably mistaken with some of the terms here, but I think the scenario is more or less clear. Please tell me if this is not the case.
I've come across this problem before, I ended up getting around it by, when changing into or out of SSL, calling a function that would write the session variables to cookies, and then read back from the cookies into the SSL session variables.