Cookie across different domains - session

I am working on building a learners website (http:localhost:8080.xyz.com). This is being built on a GlassFish server using GWT. I need to integrate forums (http:localhost:8888.abc.com) into this site. The forum is built using PHP and is on an Apache server.
Both the websites share the same MySQL database, and this database has a table named session table which has information about the user ID and corresponding session ID.
Now I am trying to integrate the forum into my website using an iframe.
My first question here is: once the user logs in to my website, will my website and the iframe have the same session ID?
If they don't have the same session ID, what would be the best way to implement the functionality that when a user logs in to my system he is also automatically logged in to the forum?
Thanks

Easy solution:
Send the user (via iframe or AJAX or whatever) to a page on domain B, providing the session ID as a GET parameter (http:localhost:8888.abc.com/sso.php?sessid=the_sess_id), then create the cookie on domain B.
More complicated solution:
Set up one of the two servers as a reverse proxy so both apps share the same domain and cookies.
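
The handoff from the easy solution, as an added example that is not part of the original answer. It goes one step further than the answer: the GET parameter carries a short-lived, single-use signed ticket instead of the raw session ID, so a URL that lands in server logs or a Referer header cannot be replayed. The function names, the key, the cookie name `forum_sess` and the sample session row are assumptions.

```php
<?php
declare(strict_types=1);

const HANDOFF_KEY = 'constructed-demo-key'; // assumption: secret shared by both servers
const HANDOFF_TTL = 30;                     // seconds a ticket stays valid

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Domain A, after login: wrap the session ID in a signed, expiring ticket.
function mintTicket(string $sessionId, int $now): string {
    $claims  = ['sid' => $sessionId, 'exp' => $now + HANDOFF_TTL, 'jti' => bin2hex(random_bytes(8))];
    $payload = b64url(json_encode($claims));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
}

// Domain B (sso.php): accept the ticket only if the MAC is valid, it has not
// expired, it was never used before, and the session exists in the shared table.
// $usedJti is an in-memory stand-in; a real deployment keeps it in the shared DB.
function redeemTicket(string $ticket, int $now, array $sessionTable, array &$usedJti): ?string {
    $parts = explode('.', $ticket);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
    if (!hash_equals($expected, $mac)) return null;           // constant-time compare
    $c = json_decode((string) base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($c) || !is_string($c['sid'] ?? null)) return null;
    if (!is_int($c['exp'] ?? null) || !is_string($c['jti'] ?? null)) return null;
    if ($c['exp'] < $now || isset($usedJti[$c['jti']])) return null;
    if (!isset($sessionTable[$c['sid']])) return null;
    $usedJti[$c['jti']] = true;                               // burn the ticket
    return $c['sid'];
}

// sso.php calls this on success. Modern browsers store a cookie set inside a
// cross-site iframe only when it is SameSite=None and Secure (forum needs HTTPS).
function setForumCookie(string $sessionId): bool {
    return setcookie('forum_sess', $sessionId,
        ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
}

// Constructed demo data: one row standing in for the shared session table.
$sessions = ['3f9c0a7d51' => ['user_id' => 42]];
$used     = [];
$ticket   = mintTicket('3f9c0a7d51', time());
var_dump(redeemTicket($ticket, time(), $sessions, $used));        // first redemption
var_dump(redeemTicket($ticket, time(), $sessions, $used));        // replay of the same URL
var_dump(redeemTicket($ticket . 'x', time(), $sessions, $used));  // tampered MAC
```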

Related

Get laravel current user on external php website

I have created an application with Laravel 7 that contains users that can log in.
In parallel, I create a showcase site for the application (another domain) and essentially html/css.
I would like on this showcase site to propose login and registration buttons if there is no user connected to the Laravel application. Otherwise I would just like to propose a "Dashboard" button if a user is connected to the Laravel application.
How to do that? I confess that I'm a bit lost. Thanks for your help.
You need to create an API on the Laravel app which will be used by the "showcase site".
To log in and authorize themselves you can use JWT.
To keep user data and use it on the showcase site you can save them in any of:
localStorage (just be careful not to save any sensitive data there, as people can take that information in case of an XSS vulnerability)
IndexedDB
cookies
None of these methods are safe. They can be exploited using XSS, so I advise using JWT to secure sensitive data.

Many domains with the same site, each one with its own db

For a project I need to run multiple copies of the same web site, each one on a different domain with a different database.
I plan on doing that this way:
create a hosting for each website with a personal database and a website
keep the code updated across the websites using git
update the database using an ORM
The problem is that I need a unique login page across the various sites.
I think that the user enters the username on a main site and then is redirected to the personal site where he enters his password, but this way I have to keep the login data in sync.
How can I achieve this?

How to implement customer subdomain in Spring framework

In many SaaS web applications (e.g. Atlassian JIRA), a user can have a dedicated subdomain. For example, if my user name is helloworld, then after I log in to the web application, I am redirected to helloworld.atlassian.net
How to implement this in Spring Framework?
Do I have to have one application server instance running for each customer?
But this doesn't seem to be the cheapest solution. Does Spring have such a feature that I can create a dynamic subdomain based on the username, and in the backend, only one instance of the application server is running?
Create a custom filter which parses the whole URL and extracts the subdomain, then checks if the user is on the proper domain with proper rights. Also worth mentioning: Nginx should redirect "*.yourdomain.com" so all subdomains don't have to exist in Nginx; they could exist in the database, and each user has his unique one or can have multiple subdomains attached. Your custom filter does the checking on each request.
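
The check that filter performs on each request, as an added example rather than code from the original answer. It is written in plain PHP instead of as a Spring filter, to show the host parsing and ownership check on their own. `BASE_DOMAIN`, the function names and the owner map (a stand-in for the database lookup) are assumptions.

```php
<?php
declare(strict_types=1);

const BASE_DOMAIN = 'yourdomain.com'; // the wildcard zone named in the answer

// Return the tenant label if the Host header is exactly <label>.yourdomain.com,
// otherwise null. Look-alike suffixes and nested labels are rejected.
function tenantFromHost(string $hostHeader): ?string {
    $host = strtolower(trim($hostHeader));
    $host = (string) preg_replace('/:\d+$/', '', $host);  // drop an optional port
    $host = rtrim($host, '.');                            // drop a trailing root dot
    $suffix = '.' . BASE_DOMAIN;
    if (substr($host, -strlen($suffix)) !== $suffix) return null;
    $label = substr($host, 0, -strlen($suffix));
    // exactly one DNS label: letters, digits, inner hyphens, at most 63 chars
    if (!preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/', $label)) return null;
    return $label;
}

// The per-request decision: the host must name a known tenant and the
// logged-in user must be attached to that tenant.
function mayAccess(string $hostHeader, int $userId, array $tenantOwners): bool {
    $tenant = tenantFromHost($hostHeader);
    return $tenant !== null && in_array($userId, $tenantOwners[$tenant] ?? [], true);
}

// Constructed demo data: tenant label => user IDs attached to it.
$owners = ['helloworld' => [7], 'acme' => [7, 9]];
$hosts  = [
    'helloworld.yourdomain.com',       // owner's own subdomain
    'ACME.yourdomain.com:8443',        // mixed case and a port
    'evil-yourdomain.com',             // look-alike suffix
    'helloworld.yourdomain.com.evil.example', // base domain not at the end
    'a.b.yourdomain.com',              // nested label
    'yourdomain.com',                  // no tenant label at all
];
foreach ($hosts as $h) {
    printf("%-42s user 7: %s  user 9: %s\n", $h,
        var_export(mayAccess($h, 7, $owners), true),
        var_export(mayAccess($h, 9, $owners), true));
}
```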

Sync session token in Joomla

CMS- Joomla! 2.5
Task- When I log in to www.domain.com(A), I should automatically be logged into test.domain.com(B) and vice-versa.
Implementation
When I visit site A, a session cookie is set to have the session ID. Once I log in to site A, the user credentials are checked and then the session record in the j25_session table is updated with the user ID. Once this is done, I can freely navigate through site A, as the session ID is in the session cookie.
The cookie ID and the session ID stored in the cookie are the same on site B. This is because I have set the cookie domain on both websites as .domain.com and I am using the same secret value in the configuration file. Also, site B has access to the session data of site A, as the tables are being shared (created views).
So ideally even if I move from site A to B, the session should be valid and I should be logged in.
Issue
The session becomes invalid when I move from site A to B. As far as I've investigated, this is due to the token that is in the login form. The token in the form and the token saved in the session differ, and this makes the session die.
Any thoughts ?
There are a few problems you would need to face if you want to do this manually.
First of all, there's a great component, JFusion, with good support, but I'm not sure if it allows bi-directional sessions between two Joomla sites. Check it out, you could save many hours if not days!
Users
In order to authenticate someone on a different Joomla site there must be the same database record in both #__users tables on site A and site B, with the same IDs and usernames, in addition to the same session cookie.
A few ways to solve this:
create a user plugin which synchronizes entries in #__users and #__user_usergroup_map from site A to B and vice versa. This must handle creating data after registration, removing records after deletion and updating it.
use MySQL replication (Master <-> Master) to synchronize #__users and #__user_usergroup_map tables between site A and B and vice versa
Sharing sessions
In order to share a valid session between 2 Joomla websites both need to have access to the same session cookie and #__sessions table, which you already implemented from what I understand, right?
If not, this is the biggest issue you have to face. A few ways to solve it:
use curl to get login form of the site B
use regular expressions to pull out the token from
send a POST request to the component users with login task on site B
the other is:
assuming #__users table is the same on both sides
after successful authentication on site A create the same session record in table #__sessions on site B
another, and the best solution:
use MySQL replication (Master <-> Master) to replicate #__sessions table between both sites
Sessions expiration
Even when you implement shared sessions you may need to face this issue. Sessions on site A and B will have different expiration times. That means when you log in on site A the session on site B may expire earlier, so that you won't be logged in on site B when you visit it.
You could solve it by:
setting up the same "Session expires after" setting in Joomla backend on both sites.
replicating #__users table either with MySQL replication or users plugins on both sites.
There's a lot of work to achieve this, but even if you decide to do it manually, check out a few extensions just to see how they do it.
Good luck
EDIT: I also recommend checking out these extensions:
http://extensions.joomla.org/extensions/core-enhancements/multiple-sites/19249
http://extensions.joomla.org/extensions/core-enhancements/multiple-sites/7557
http://extensions.joomla.org/extensions/core-enhancements/multiple-sites/5550
http://extensions.joomla.org/extensions/core-enhancements/multiple-sites/14863

Share user login/session between cakephp and moodle

I have a website already running made with CakePHP, which has its own login system using the Auth component.
Now I'm going to create another website using moodle, hosted in the same server. Is there any way to share the user session between those 2 websites?
For example, if a user logs into the moodle website and clicks a link to a page of the other website, he is not asked to log in again, since the system recognises that he is already logged in.
I guess that one thing to do would be to tell Moodle (somehow) to use the same table of users in the database that the CakePHP website is already using. And then tell the CakePHP website to accept the sessions created in that other website. Something like this, right?
But I don't know how to do those things or if they are even possible. Any advice on how to approach this would be very helpful.
Single sign-on (SSO) is not currently a trivial thing to do in Moodle.
Some other approaches you may consider are:
Use external authentication in Moodle and configure it to use Cake's database. Does not provide SSO but tells Moodle to use Cake's user accounts.
Configure both Moodle and Cake to use a common authentication system like LDAP, POP3 or CAS. Depending on your choice it is possible that you may achieve SSO.
More information about Moodle authentication plug-ins on this page:
http://docs.moodle.org/dev/Authentication_plugins
