<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Or you could keep a login button that redirects them to a central domain of yours - much like Microsoft does with <a href="http://login.live.com" class="">login.live.com</a> - that detects they are already logged and creates a token to pass back.  Or stick with the more transparent Google way.  Depends how creepy you want to make it! ;-)<div class=""><div class=""><br class="Apple-interchange-newline">
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 2 Jun 2020, at 8:34 pm, Matthew Mallard <<a href="mailto:matt@Q-technologies.com.au" class="">matt@Q-technologies.com.au</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Oh, ok - you don’t want them to click login on the other sites.  Then you will have to play with cookies, basically, you’ll need to do something along these lines:<div class=""><a href="https://stackoverflow.com/questions/19531183/set-cookie-on-multiple-domains-with-php-or-javascript" class="">https://stackoverflow.com/questions/19531183/set-cookie-on-multiple-domains-with-php-or-javascript</a></div><div class="">or</div><div class=""><a href="https://stackoverflow.com/questions/8406719/cookies-set-across-multiple-domains" class="">https://stackoverflow.com/questions/8406719/cookies-set-across-multiple-domains</a></div><div class=""><br class=""></div><div class=""><div class=""><div class=""><div class=""><blockquote type="cite" class=""><div class="">On 2 Jun 2020, at 8:07 pm, Gabor Szabo <<a href="mailto:gabor@szabgab.com" class="">gabor@szabgab.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="">I don't think I understand the flow.</div><div class=""><br class=""></div><div class="">1) Registered user arrives to <a href="http://perlmaven.com/" class="">perlmaven.com</a> with a brand new browser (no session yet, no cookes).</div><div class="">2) Logs in, gets a cookie, login information is written to disk.</div><div class="">3) User arrives to <a href="http://code-maven.com/" class="">code-maven.com</a>   (no session yet, no cookies) How can I know this the same user as in 1) or someone else?</div><div class=""><br class=""></div><div class="">Gabor</div><div class=""><br class=""></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 2, 2020 at 10:03 AM Matthew Mallard <<a href="mailto:matt@q-technologies.com.au" class="">matt@q-technologies.com.au</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;" class=""><div class="">When the user comes to your site you would have some sort of login check that checks the session info (which is using cookies) - if the session is not valid you would normally marked them as not logged in and provide them with a login button of some sort.  Rather than immediately marked them as not logged in based on their session, reach out to a new service or function that you will create that goes to central database of some sort to see if they already have a session on one of your other domains - if they do, grant them a new session.</div><div class=""><br class=""></div><div class="">It means you have to track sessions in a database to some degree.  The cookie code is for the client side - you must have something server side to set up the session - I’m effectively saying make that part of the code shared in some way.  A database would be easy in your instance, by abstracting it with a service would be more scalable.</div><div class=""><br class=""></div><div class=""><blockquote type="cite" class=""><div class="">On 2 Jun 2020, at 4:54 pm, Gabor Szabo <<a href="mailto:gabor@szabgab.com" target="_blank" class="">gabor@szabgab.com</a>> wrote:</div><br class=""><div class=""><div dir="ltr" class=""><div class="">I am probably missing some basics here.</div><div class=""><br class=""></div><div class="">If I send out a cookie from one domain,e,g, .<a href="http://perlmaven.com/" target="_blank" class="">perlmaven.com</a> the browser will only send it to <a href="http://perlmaven.com/" target="_blank" class="">perlmaven.com</a> and its subdomains.<br class=""></div><div class="">Not to <a href="http://code-maven.com/" target="_blank" class="">code-maven.com</a> So when the user accesses <a href="http://code-maven.com/" target="_blank" class="">code-maven.com</a> how can I get the cookie?<br class=""></div><div class=""><br class=""></div><div class="">Gabor<br class=""></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 2, 2020 at 9:48 AM Matthew Mallard <<a href="mailto:matt@q-technologies.com.au" target="_blank" class="">matt@q-technologies.com.au</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="">Without knowing how you have currently set up auth, I would probably centralise the authentication to a separate service that each of the your apps (domains) reached out to check whether the user was already logged into your realm and whether they were allowed access to that particular domain.  That way you can have exceptions down the track (if that becomes a requirement).<div class=""><br class=""></div><div class="">Does that help or were you looking for something lower level?<br class="">
<div class=""><br class=""><blockquote type="cite" class=""><div class="">On 2 Jun 2020, at 4:34 pm, Gabor Szabo <<a href="mailto:szabgab@gmail.com" target="_blank" class="">szabgab@gmail.com</a>> wrote:</div><br class=""><div class=""><div dir="ltr" class="">Hi,<div class="gmail_quote"><div dir="ltr" class=""><div class="gmail_quote"><div dir="ltr" class=""><div class=""><br class=""></div><div class="">I run both the Perl Maven site <a href="http://perlmaven.com/" target="_blank" class="">https://perlmaven.com/</a> and the Code Maven site <a href="http://code-maven.com/" target="_blank" class="">https://code-maven.com/</a> on the same Dancer2 application. They even share the database behind.</div><div class="">Both also have several language-specific hostnames. e.g. one in Telugu: <a href="https://te.perlmaven.com/" target="_blank" class="">https://te.perlmaven.com/</a></div><div class=""><br class=""></div><div class="">I would like to allow my users to log in any of the sites and then be already logged in all of the others. So they won't need to authenticate again.<br class=""></div><div class=""><br class=""></div><div class="">How could I achieve this?</div><div class=""><br class=""></div><div class="">Gabor<br class=""></div></div></div></div></div><a href="mailto:dancer-users@lists.preshweb.co.uk" target="_blank" class=""></a></div></div></blockquote></div></div></div></blockquote></div><div class=""><br class=""></div><div class=""><br class=""></div></div></div></blockquote></div></div></blockquote></div><br class=""></div>
_______________________________________________<br class="">dancer-users mailing list<br class=""><a href="mailto:dancer-users@lists.preshweb.co.uk" class="">dancer-users@lists.preshweb.co.uk</a><br class=""><a href="https://lists.preshweb.co.uk/mailman/listinfo/dancer-users" class="">https://lists.preshweb.co.uk/mailman/listinfo/dancer-users</a><br class=""></div></blockquote></div><br class=""></div></div></div></div>_______________________________________________<br class="">dancer-users mailing list<br class=""><a href="mailto:dancer-users@lists.preshweb.co.uk" class="">dancer-users@lists.preshweb.co.uk</a><br class="">https://lists.preshweb.co.uk/mailman/listinfo/dancer-users<br class=""></div></blockquote></div><br class=""></div></body></html>