I use two different applications in my CI installation. The first is called "admin"... obviously an admin panel. The second is "frontend" where everything else is. I use the same database for each of the apps and the same member tables, both for admin authentication and member auth. The problem is, since the CI session class doesn't use native PHP sessions, the session only works in the application that it is set in(which makes sense)... for example, if a user that is indeed an admin logs into the system through the frontend app and then clicks the link to the admin app, they are required to login again. If they have the "Remember Me" option selected across when they login to both apps, this obviously isn't a problem.
How would I fix this? Or do you guys think it's better to have them login to the admin app again, just to validate their admin status again?
Thanks for your time.
You could use the native php session instead. There's a class which you can just copy paste, and you'll not have to change any of the rest of your code.
Related
We have developed a web program for one of our customers, where we use the company’s AD to validate the user. We use function AdsOpenObject('WinNT://... and this work fine, whoever one fail use of wrong password, and the user is disabled, and need to be reactivated. The AD is set up to use 5 fail login before disabling, and their mail system is working accordingly.
Any ide where to look for or any idea of using another method to validate a user against an AD. We use Delphi but other solution is welcome.
I've developed an app in laravel and sentry2 as ACL. Login occurs through SAML.
Whenever a user logs in from SAML is redirected to my app where I check server variables, and if credentials are correct I let him pass to the site with sentry.
My issue occurs when I try to log in with the same account in two different browsers. Looks like when I log in in the second browser the existing session in the other browser gets overrided.
I've found out this looking into sessions table:
http://pastebin.com/6iEnRkEs
Any ideas? Will appreciate your help on this very much.
Thanks a lot!
Pablo
EDIT:
The idea would be that the app work like gmail/fb that allows the user to be logged in both browsers at the same time.
It's correct the way it is.
Different browsers different sessions. This is a security feature/matter every single app should enforce.
If you log in a different browser how could Laravel tell if it's not a different person login in from a different computer in the same network? Log someone off in this case it's also the correct thing to do, because if some kind of exploit is happening, user will see something is wrong and, maybe, change his/her password.
Some (ie: banking) also do: different browser tabs, different sessions, but this is not the Laravel case.
The situation is quite complicated and why do I need it - do not ask - boss want!
So, immediately after the default authorization i need to run the custom module, which will have an additional test for authorization in another database and depending on its result i need to decide authorize user or not.
Are there any suggestions except for source corrections?
If you are using Joomla's built-in 'Login Menu', you can set 'Login Redirect' parameter to another page and if you are using Joomla's native login module, you can set redirect parameter to any page of your site that you want.
In your case I would recommend to create a simple component (not a module) that authorizes your user for second time, and redirects them again to any other page that you want (if second login was successful) or kick the user (if second login was unsuccessful). If you do that, you'll be able to create a menu for your component and redirect your login panel (either it's a menu or a simple login module) to your component's menu.
Creating components for Joomla is not a big deal if you have a little of knowledge in php programming and there are some tools that may speed up creating your component, like this one: http://www.notwebdesign.com/joomla-component-creator/
Why not make an authentication plugin and use that rather than the core joomla one?
This is for 1.5 but the principles are the same now.
http://docs.joomla.org/Creating_an_Authentication_Plugin_for_Joomla_1.5
Are the Joomla login credentials for a user the same as the other system that you are using? If so, then you can create a plugin that passes those credentials to your other system on a successful Joomla login event.
If not, then it gets a little tricky. Either your users will have to provide both sets of credentials, once for Joomla that then redirects to your other system for the second login, or you will have to extend your user accounts so you can associate the second set of credentials to a user. You can then use a plugin to pass the related credentials to your secondary system after a successful Joomla login event.
I have a website already running made with CakePHP, which has its own login system using the Auth component.
Now I'm going to create another website using moodle, hosted in the same server. Is there any way to share the user session between those 2 websites?
For example, if a user logs into the moodle website and clicks a link to a page of the other website, he is not asked to log in again, since the system recognises that he is already logged in.
I guess that one thing to do would be to tell moodle (somehow) to use same table of users in the database that the CakePHP website is already using. And then tell the CakePHP website to accept the sessions created in that other website. Something like this right?
But I don't know how to do those things or if they even possible, any advice on how to approach this would be very helpful.
Single sign-on (SSO) is not currently a trivial thing to do in Moodle.
Some other approaches you may consider are:
Use external authentication in Moodle and configure it to use Cake's database. Does not provide SSO but tells Moodle to use Cake's user accounts.
Configure both Moodle and Cake to use a common authentication system like LDAP, POP3 or CAS. Depending of your choice it is possible that you may achieve SSO.
More information about Moodle authentication plug-ins in this page:
http://docs.moodle.org/dev/Authentication_plugins
I am wanting to build an admin tool where I can "impersonate" users of my site, without having to lose my session as an admin.
I would like to be able to open an iframe that will view the website "as the user", without changing the state of the page that opened the iframe.
Is that possible? Is there a better way to do this?
It's possible, but there's a bit "but" :)
Just a couple options to start with:
Use URL-based session tokens (as Java Servlets do when you have cookies disabled)
Use different domains for "normal" site and admin interface
iframe itself won't help you much: it will always share its cookies with the browser. So in order to avoid that, you can use either of the above options—but that does not depend on the iframe.
What language? My answer is based on the assumption that PHP is your chosen language.
Firstly, I would say you have planned your application wrong if session impersonation is the only way you can view your site as another user while still keeping your admin login intact.
One way you could do it, and again this is assuming that you are using PHP as well as the default session management functions within and you do not have a custom session handler would be to load the iframe url with the ?PHPSESSID=sessionidhere parameter.
A better way to do this is to create your site and authenticate users via a user object of sorts and then add some sort of url parameter such as ?userbrowseid=123
Then when you load the page, your code will only check if the parameter exists if you are already logged in as an admin. The page would then overwrite your current user object with the user object of the user with the id 123. Steps should be taken to make sure your session cookies are not overwridden with the impersonated user object. As this would be in an iframe, your site will work as an admin and the iframe will be loaded as the user object.