Single login to multiple domains

Hi,
I run both the Perl Maven site https://perlmaven.com/ and the Code Maven site https://code-maven.com/ on the same Dancer2 application. They even share the database behind. Both also have several language-specific hostnames, e.g. one in Telugu: https://te.perlmaven.com/
I would like to allow my users to log in to any of the sites and then be already logged in to all of the others. So they won't need to authenticate again.
How could I achieve this?
Gabor

Matthew Mallard wrote:
Without knowing how you have currently set up auth, I would probably centralise the authentication to a separate service that each of your apps (domains) reached out to check whether the user was already logged into your realm and whether they were allowed access to that particular domain. That way you can have exceptions down the track (if that becomes a requirement).
Does that help or were you looking for something lower level?

I am probably missing some basics here.
If I send out a cookie from one domain, e.g. .perlmaven.com, the browser will only send it to perlmaven.com and its subdomains. Not to code-maven.com. So when the user accesses code-maven.com how can I get the cookie?
Gabor

Matthew Mallard wrote:
When the user comes to your site you would have some sort of login check that checks the session info (which is using cookies) - if the session is not valid you would normally mark them as not logged in and provide them with a login button of some sort. Rather than immediately marking them as not logged in based on their session, reach out to a new service or function that you will create that goes to a central database of some sort to see if they already have a session on one of your other domains - if they do, grant them a new session.
It means you have to track sessions in a database to some degree. The cookie code is for the client side - you must have something server side to set up the session - I’m effectively saying make that part of the code shared in some way. A database would be easy in your instance, but abstracting it with a service would be more scalable.

I don't think I understand the flow.
1) Registered user arrives to perlmaven.com with a brand new browser (no session yet, no cookies).
2) Logs in, gets a cookie, login information is written to disk.
3) User arrives to code-maven.com (no session yet, no cookies).
How can I know this is the same user as in 1) or someone else?
Gabor

Matthew Mallard wrote:
Oh, ok - you don’t want them to click login on the other sites. Then you will have to play with cookies, basically, you’ll need to do something along these lines:
https://stackoverflow.com/questions/19531183/set-cookie-on-multiple-domains-with-php-or-javascript
or
https://stackoverflow.com/questions/8406719/cookies-set-across-multiple-domains

Or you could keep a login button that redirects them to a central domain of yours - much like Microsoft does with login.live.com - that detects they are already logged in and creates a token to pass back. Or stick with the more transparent Google way. Depends how creepy you want to make it! ;-)
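
The central-login-domain handoff suggested above ("creates a token to pass back") is only safe if that token is signed, short-lived, single-use and bound to the one site it was minted for. The following Perl is an added example, not code from this thread or from Dancer2; the secret, the 60-second lifetime, the host list and the in-memory %USED hash (standing in for a table in the shared database) are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA  qw(hmac_sha256_hex);
use MIME::Base64 qw(encode_base64url decode_base64url);

# Assumptions (hypothetical values): a secret shared by the login host and
# the sites, the hosts allowed to receive a handoff, a 60 second lifetime.
my $SECRET  = 'constructed-demo-secret';
my %ALLOWED = map { $_ => 1 } qw(perlmaven.com te.perlmaven.com code-maven.com);
my $TTL     = 60;
my %USED;    # stands in for a "spent nonces" table in the shared database

sub random_hex {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $buf, 16) == 16 or die 'short read from /dev/urandom';
    return unpack 'H*', $buf;
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Central login host: the user already has a session there; mint a token
# that is good for one named site, once, for $TTL seconds.
sub issue_token {
    my ($user_id, $target_host, $now) = @_;
    return unless $ALLOWED{$target_host};    # refuse unknown return hosts
    my $payload = join '|', $user_id, $target_host, $now + $TTL, random_hex();
    return encode_base64url($payload) . '.' . hmac_sha256_hex($payload, $SECRET);
}

# Receiving site: returns the user id, or undef if the token must be rejected.
sub verify_token {
    my ($token, $this_host, $now) = @_;
    my ($b64, $mac) = split /\./, ($token // ''), 2;
    return unless defined $b64 && defined $mac;
    my $payload = decode_base64url($b64);
    return unless ct_eq($mac, hmac_sha256_hex($payload, $SECRET));
    my ($user_id, $host, $expires, $nonce) = split /\|/, $payload;
    return unless $host eq $this_host;       # minted for a different site
    return unless $now <= $expires;          # too old
    return if $USED{$nonce}++;               # replayed
    return $user_id;
}

# Constructed demo: one user (id 42) handed off from the login host.
my $now = time;
my $t1  = issue_token(42, 'code-maven.com', $now);
my $t2  = issue_token(42, 'perlmaven.com',  $now);
my $t3  = issue_token(42, 'code-maven.com', $now);
printf "%-20s %s\n", @$_ for (
    [ 'first use',       verify_token($t1, 'code-maven.com', $now)      // 'rejected' ],
    [ 'replay',          verify_token($t1, 'code-maven.com', $now)      // 'rejected' ],
    [ 'wrong site',      verify_token($t2, 'code-maven.com', $now)      // 'rejected' ],
    [ 'expired',         verify_token($t3, 'code-maven.com', $now + 61) // 'rejected' ],
    [ 'unlisted target', issue_token(42, 'other-site.example', $now)    // 'refused'  ],
);
```

The receiving site uses the returned user id to start its own session and set its own cookie; the handoff token travels in the redirect URL once and is never reused as a session identifier.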

Yeah, I saw those links, thanks.
Now the "only" remaining question is: How can I implement this with Dancer as the back-end? Is there any plugin that will help me?
Gabor

* Gabor Szabo [02/06/2020 09:34] :
> I would like to allow my users to log in to any of the sites and then be already logged in to all of the others. So they won't need to authenticate again.
>
> How could I achieve this?
FTR, this is called Single Sign-On (SSO, for short).
https://en.wikipedia.org/wiki/Single_sign-on
I'm not sure how practical it is going to be to implement this over multiple domains with cookies. If I wanted to do this, I would take a look at the Lemonldap::NG::* modules on CPAN.
Emmanuel

PMFJI, I honestly don't really know crap about it, but my immediate reaction was to google for 'cross domain cookies' which gives a lot of seemingly useful hits...
Definitely just a wild guess, so if it helps it helps, otherwise disregard... :-)
ken1

This might be a long shot, you could give the browser a UUID, which you encrypt on the server, and send to the client as a localStorage using:
https://github.com/zendesk/cross-storage
Then using a combination of $.ajaxSetup and hooks, you can verify your user's identity.
Jawn

participants (6)
- Emmanuel Seyman
- Gabor Szabo
- Gabor Szabo
- Jon Ferwerda
- Kenneth Ölwing
- Matthew Mallard