I have installed two CodeIgniter applications to develop two different sites on localhost.
The issue is that after logging in to either site, this session value conflicts with the other value.
In both sites I create the same session for login; its name is user_login.
When I log in to one site, the other site is automatically logged in.
If I log out of one site, the other site is also logged out.
So can you guide me on how to set this up and what changes to make in the config file to maintain the sessions?
In your config file, change the value of
$config['sess_cookie_name'] = 'your own name for the session';
and this will not occur again.
This is because both are using the same session name, which is mentioned in the config file.
I have a Laravel 8 application. The session is not working if deployed on the subdomain.
For example, I have a domain "example.com" and we have created two subdomains testapp.example.com and app.example.com for testing and staging environments.
When deploying the application on testapp.example.com, we first observed that the session was not working; after that we updated config/session.php to set session domain = ".example.com". Initially it was working after this change, but when the application was deployed again on "app.example.com", the session stopped working on testapp.example.com. It is working for "app.example.com". I want different sessions to be maintained on these different subdomains; I don't want to share the session between subdomains. Can anyone suggest a fix?
Thanks.
You do not want to set that session domain; that is the session_domain configuration to use if you wish to share the sessions across subdomains. By default it will not. You need them to be set to app.example.com and testapp.example.com accordingly. This is the SESSION_DOMAIN in the .env file.
Alternatively, you can simply change the SESSION_COOKIE for each application. This is best set in the .env file as SESSION_COOKIE=testexample.com, or alternatively in config/session.php if you already modified the default Laravel settings in there.
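The cookie scoping behind the answers above, as an added example that is not part of the original posts: a small model of how a browser stores and sends cookies by name and domain, showing why two localhost apps with one cookie name overwrite each other and why a session domain of .example.com shares the session across subdomains. Host names, cookie names and values are constructed, the path is assumed to be "/", and public-suffix checks are not modelled.

```javascript
// Added example: cookie scoping by name + domain. All hosts/names/values are constructed.
// RFC 6265 domain-match: same host, or host is a subdomain of `domain`.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }
  // setterHost sent Set-Cookie; domainAttr is its Domain attribute or null.
  set(setterHost, name, value, domainAttr = null) {
    const host = setterHost.toLowerCase();
    const hostOnly = domainAttr === null;
    const domain = hostOnly ? host : domainAttr.replace(/^\./, "").toLowerCase();
    // A server can only set cookies for a domain that covers its own host.
    if (!domainMatch(host, domain)) return false;
    // Same name + domain replaces the stored cookie: ports are not part of the key.
    this.cookies = this.cookies.filter(c => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }
  // Cookies attached to a request for `requestHost`.
  sentTo(requestHost) {
    const host = requestHost.toLowerCase();
    const sent = {};
    for (const c of this.cookies) {
      const inScope = c.hostOnly ? host === c.domain : domainMatch(host, c.domain);
      if (inScope) sent[c.name] = c.value;
    }
    return sent;
  }
}

function scenarios() {
  const sameName = new CookieJar();          // two apps on localhost, one cookie name
  sameName.set("localhost", "ci_session", "site1");
  sameName.set("localhost", "ci_session", "site2");
  const ownNames = new CookieJar();          // each app has its own cookie name
  ownNames.set("localhost", "site1_session", "site1");
  ownNames.set("localhost", "site2_session", "site2");
  const shared = new CookieJar();            // Domain=.example.com
  shared.set("app.example.com", "laravel_session", "app", ".example.com");
  const hostOnly = new CookieJar();          // no Domain attribute
  hostOnly.set("app.example.com", "laravel_session", "app");
  return { sameName: sameName.sentTo("localhost"), ownNames: ownNames.sentTo("localhost"),
           shared: shared.sentTo("testapp.example.com"), hostOnly: hostOnly.sentTo("testapp.example.com") };
}

console.log(scenarios());
```

With Domain=.example.com every subdomain receives the session cookie, including a test host; host-only cookies with distinct names keep each application's session to itself.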
I am new to Laravel. I have created a domain and subdomain with a specific domain group.
domain.com
admin.domain.com
On my domain.com a user can log in. And in the subdomain admin.domain.com an admin can log in. The problem I'm having is that when a user is logged in on the root domain, the admin subdomain is also logged in. I want the root domain and subdomain to have different sessions. Please help!
This problem is not in the framework; I got this problem when I worked with Yii 2.0 too. The issue is that sessions are generated from the application key, so the solution is to make the key different between the root and the subdomain.
The solution here is that you have to generate another Laravel application key on your subdomain, following the documentation:
php artisan key:generate
Application key [Idgz1PE3zO9iNc0E3oeH3CHDPX9MzZe3] set successfully.
The 2 keys in the root and subdomain have to be different.
Hope this helps.
Laravel by default uses a single cookie to keep session data and manage its authentication system; that's why your user stays logged in across your subdomains, because your cookie is still there.
In this case I think you have 2 options:
1st: Create a different auth system using middlewares for each subdomain group to manage sessions (let's say you create/read a different cookie for each subdomain, but this could be a little bit tricky if the same user wants to use the app across different subdomains at the "same time").
2nd: Use a different session driver (let's say database, e.g.)
Our Laravel 5.1 application has been using the "native" session driver setting (configured in the .env file). With it set this way, we were able to use the Laravel url.intended behavior to redirect the user to the URL they were attempting to access prior to being authenticated.
We had to change it to "cookie" because every time we use Amazon's Opsworks system to deploy a new build, users were logged out because their server-side session files were no longer available. Once we changed it to cookie, the users remain logged in even when we deploy a hotfix or new build.
However, with it set to cookie, the url.intended does not work at all. I tried hacking together some solution by adding a custom url intended node, but it just won't work. It seems like when the user attempts to access a url prior to being logged in, it sets the session info, but then the application redirects the user to the login page where it's getting nulled out.
I'm using Debugbar to look at the session vars and I'm going crazy. I'm already bald so I have no more hair to pull out.
Does anyone have any ideas?
We ended up setting up a Dynamo database at first and then transitioned to Redis on a common server. We have a load balancer and don't want sessions getting lost or corrupted by switching servers so all cache is now being stored in that common location.
I have two MVC3 sites, both hosted on the same server that I've configured to use the same authentication cookies.
The first site is an intranet site using Windows authentication. This site has one simple Action that checks to see if the user was authenticated, if the user has been, it creates a FormsAuthentication cookie that it adds to the response. This cookie is created for a generic user that I determine from the User's AD groups. The response then redirects the user to a second site that uses Forms Authentication.
When I run this on my local machine, everything works as described above. When I deploy this to our local web server, it doesn't. I've tested to see if the user's group is correctly determined and that it creates a valid user for the cookie, and I have verified that this is correct on the web server.
Here is how I'm doing all of the above:
First, I made both sites use the same Machine Key for encryption and decryption.
When I create the cookie in Site1, I ensure that it has the same name and Domain as the cookies created on Site2.
var cookie = FormsAuthentication.GetAuthCookie(userName, false);
cookie.Domain = FormsAuthentication.CookieDomain; //This is the Domain of my 2nd site as they are different
HttpContext.Response.Cookies.Add(cookie); //Add my cookie to the response
HttpContext.Response.RedirectPermanent(urlForSite2);
Again, when I run this on my local machine it works without a problem. But when deployed, it's either not passing the cookie in the request, or the response is ignoring it, but I'm not sure how to verify either of these cases.
Feel free to ask any question regarding more details as to how I'm doing this if it will help in getting an answer I need.
Cross-domain cookies are not allowed. If you have two separate domains, one cannot access the other's cookies. Two separate virtual directories/applications will work when using the same machine key. http://blogs.technet.com/b/sandy9182/archive/2007/05/07/sharing-forms-cookie-between-asp-net-web-application.aspx
If you want to share login cookies between sub-domains you need to edit the Domain property of the login cookie to the 2nd level domain "abc.com" so that "www.abc.com" and "ww2.abc.com" will have access to the cookie. http://forums.asp.net/t/1533660.aspx
String usrName = User.Identity.Name.ToString();
HttpCookie authCookie = Security.FormsAuthentication.GetAuthCookie(usrName, false);
authCookie.Domain = "abc.com";
Response.AppendCookie(authCookie);
Actually, it is possible, but isn't as simple as the domain/sub-domain cookie sharing.
http://www.codeproject.com/KB/aspnet/CrossDomainSSOModel.aspx
While the example given in this article didn't apply directly to what I was doing, I could use some of the ideas expressed there to get what I needed working. It ended up being my configuration settings in site2 web.config.
My URLs are as follows
Site1 = http://site.stage
Site2 = http://site.stage.MyCompanyName.com
Site 1 requires a host entry addressing it to a specific IP address of the hosting machine. It's also an entry in my IE Security settings - Local Intranet Sites.
I should note that these applications are both virtual directories running under the same default website.
I thought I had solved my problem by setting the Domain in the config file to an empty string, but this didn't work. I'm not sure what can be done now. This still works when I run it on my local machine, but not when I run it on my server. The only difference is the URLs.
My dev machine is using the urls
Site 1: http://localhost/CompanyName.TVAP.IntranetSite
Site 2: http://localhost/TVAPDev/
I hope this adds some clarification. This Answer should really be posted as an edit to my question, but when I originally posted it, I thought I had it working.
UPDATE: I think my answer is in my URLs above. My dev machine URLs are both using the same domain name, which in this case is localhost. I think if I alter my deployed websites to use the same domain, I will be OK. I'll post an update when I get it worked out.
I've been trying to add a messageboard to my CodeIgniter web site. Everything has gone well except for one little part: I'd like my login from the main site to carry over to the messageboard. Since the messageboard is not able to run in CodeIgniter, I made a subdomain to run the messageboard in. This means that the main site and the messageboard do not share cookies. The messageboard is Phorum-powered, so there's a hook that I can use to sign in if I have the user_id of my user. In other words, my problem basically boils down to being able to run a function on one domain that can get the user_id variable stored in the session of another domain.
Here are the things I've tried:
Setting up a controller in CodeIgniter that uses ci->session to echo the user_id. Then in the messageboard, I used CURL to fetch the output of the CodeIgniter controller. This doesn't seem to work because CURL doesn't carry cookies or sessions or something, so CodeIgniter can't access its session when called through CURL.
Same thing but with file_get_contents. File_get_contents is disabled on my server.
I'm pretty much out of ideas. Does anyone know a function I could write that would get me a CI session stored user_id from a different domain?
Here are two things you can try:
1) Host the forum in a subdirectory of your CodeIgniter project. So your two websites will have the URLs http://mysite.com/ and http://mysite.com/forum. Now that they share the same domain, you can access the session.
2) In your forum login page, display the message "auto-signing in". On that same page add an iframe in the html with the src="http://mysite.com/autologin/tokenid", but hide it with css. The autologin page will have CI session information, which you can temporarily make available to the world via a hard to guess tokenid and by echoing $_SESSION['user_id']. Remember to expire this page when you are done with it. Then refresh the forum's login page and use CURL to grab the publicized session information at http://mysite.com/autologin/tokenid. This is full of security flaws, so do it only as a last resort.