In the context of What is the difference between a Cookie and Redis Session store? , how can I share session data among Heroku apps (Sinatra frontend with Rack API backend)?
These two questions have suggestions on how to accomplish this:
Subdomain Session Not Working in Rails 2.3 and Rails 3 on Heroku with/without a Custom Domain?
Rails Checkout SSL heroku
I think what you would want to do is use an external session store (such as Redis), and simply copy the Redis environment values from the first app into the second. You should then be able to access the same session data from both Heroku apps.
EDIT 1:
It also occurs to me that as it is two seperate Heroku apps, you will (probably) have two seperate domains/subdomains. You will need to ensure that your session cookie allows access from both the domains.
Related
My Heroku-app is being used by other people, on other websites then mine.
Is there a way that only my site can use the app?
I have a small site so i use a free account, this way my free "dynos" are gone very quick.
You have some options...
If your app or api is being used by javascript web apps in the browser then setting a CORS heading specifying your top level domain should do the trick.
If your app or api is being consumed by other servers or non-browser based processes then specifying an authentication process such as http basic (user/password) should restrict access to the set of clients that you control. If your service is successful then congratulations! Maybe you should scale up and start charging?
It seems like your goal is to stay in the free tier at Heroku.
Heroku starts your dynos triggered by the request coming in on their router mesh. This means every authentication or blocking technique inside your application will still lead to the dynos being started (that includes CORS).
Heroku itself doesn't give you configuration for their routing in the free/low-price tiers. If you pay for it, there is private spaces.
One possible solution is to have another layer over your app that does the authentication.
For example this could be:
cloudflare
Amazon CloudFront (not sure, with the Web Application Firewall)
other CDN
These will likely have a free tier that's enough for you, but also be rather complex to setup for a beginner.
I hope I could help you a little
I have 3 laravel Applications with 3 databases.
Application 1 is the Login for authentication (Registrations and Login) and is only connected to the users Database .
Application 2 allows user to perform some basic operations and is connected both to user and App2 Databases
Application 3 allows users to perform some other operations different from application 2 and is connected to users and App3 Databases
Now my problem is to allow a user looggin once through Any of the applications and is automatically logged in to other application
More like having a single google account that works in all apps.
Application 1 will be access through the main URL
www.kokoka.com
while others will be access through
health.kokoka.com
school.kokoka.com
I have tried
https://github.com/awnali/SSO-laravel-5
I have also changed the Domain in session.php
'domain'=>'.domain.dev'
all to no avail
You need to set the session file to database and everything related to sessions should be identical. Basically the session.php file should be the same between both, they should have a common database, and the key and cipher type should be identical.
If they have the same domain name (ex: server1.mydomain.com, server2.mydomain.com) but different hostnames/subdomain names, then the cookies should still work fine as long as you set the domain correctly (ex .mydomain.com). If they are on the same server, you can still use a common key-value system. If they are on separate servers, you either need a common storage location (like S3) or a replication enabled key-value system like Redis or Memcached. You could also use MySQL if you need to replicate other data types, but it's very heavy for just key-value pairs.
If they have completely different domains, then cookies will not work. In that instance, you would need to reference cross-site session ids through GET query strings, and perform session migrations in the back-end using either common or replicated systems, or via some secure API. This is a very difficult system to setup and only works if you are moving between the domains using links embedded in the sites. Bookmarks or manual address input will loose session data.
Another way to acomplish what you need is to use the new funcionality of laravel passport.
Laravel already makes it easy to perform authentication via traditional login forms, but what about APIs? APIs typically use tokens to authenticate users and do not maintain session state between requests. Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. Passport is built on top of the League OAuth2 server that is maintained by Alex Bilbie.
This will let you share data across multiple domains through an API so you can share the session and user information. This is the way most people prefer.
After creating authentication system for user using Laravel 5* I am wondering where Laravel store user session?
In other words Laravel store user session in a cookie(client side) or server side?
And if in cookie so it hash that session right? and this is not secured right?
Laravel stores it on server side. You can choose where to store it: files, DB, Redis etc.
Laravel ships with a variety of session backends that are accessed through an expressive, unified API. Support for popular backends such as Memcached, Redis, and databases is included out of the box.
You may learn more about sessions here.
Hi what is the recommended way of sharing data in heroku apps.
The reason why I ask is that I have a scheduler app which runs a process every 5 mins and places data in a memcache (memcachier).
I would then like another servlet based app to be able to read that same memcache data and return it to the user.
I tried to do this but the data is returning null.
Would it be better to use a database or is there any other way of doing this.
Can the memcache be shared across dynos?
Yup, all these things are connected as attachable resources via your config variables. It's perfectly OK to have many apps using the same attached resources.
http://www.12factor.net/backing-services
http://www.12factor.net/config
If we scale up (add an instance to ELB), could we redirect some existing requests to the new instance. So that, The users that we force to a new server will be asked to login again
If we scale down (remove an instance from ELB), then all users from that server will automatically be redirected by ELB to other remaining servers. These user should not be aked to login again.
Is this possible (including the redirect of request)? How?
Any ideas are welcome but I presume this can be solved using a central session store. I just don't know how to implement it .
And what are the options in using a central session store? simpledb? redis? memcached?
Our application is just a simple web application hosted in apache. We have two instances of it added unto the Amazon ELB, and we are using PHP.
Any ELB php specific suggestions? when a scale down/up happens that no user-visible symptomps should be shown?
For the most part, this should be completely transparent to your end users without many changes on your end.
The biggest aspect to look at on your side will be ensuring that sessions are persisted / available through the addition / removal of instances.
You can do this by setting a cookie on the client (default behavior in session_start() and ensuring all of your web servers with PHP have the facility to obtain information about the session id.
Some people will use memcached to do this ... and there is native integration in PHP for sessions to be stored in memcached ...
There are quite a bunch of ways to have a centralized session management. Some of them are listed below:
DB:
http://ocklin.org/session_management_cluster.html
Memcache:
http://www.migrate2cloud.com/blog/how-to-configure-memcached-on-aws-ec2-a-starters-guide (make sure the hosts are able to connect without any problem),
http://www.dotdeb.org/2008/08/25/storing-your-php-sessions-using-memcached/
http://php.net/manual/en/memcached.sessions.php
Msession:
http://in.php.net/manual/en/ref.msession.php