[dancer-users] Single login to multiple domains

Gabor Szabo gabor at szabgab.com
Tue Jun 2 06:07:46 EDT 2020


I don't think I understand the flow.

1) Registered user arrives at perlmaven.com with a brand new browser (no
session yet, no cookies).
2) Logs in, gets a cookie, login information is written to disk.
3) User arrives at code-maven.com (no session yet, no cookies). How can I
know this is the same user as in 1) or someone else?

Gabor


On Tue, Jun 2, 2020 at 10:03 AM Matthew Mallard <matt at q-technologies.com.au>
wrote:

> When the user comes to your site you would have some sort of login check
> that checks the session info (which is using cookies) - if the session is
> not valid you would normally mark them as not logged in and provide them
> with a login button of some sort.  Rather than immediately marking them as
> not logged in based on their session, reach out to a new service or
> function that you will create that goes to a central database of some sort to
> see if they already have a session on one of your other domains - if they
> do, grant them a new session.
>
> It means you have to track sessions in a database to some degree.  The
> cookie code is for the client side - you must have something server side to
> set up the session - I’m effectively saying make that part of the code
> shared in some way.  A database would be easy in your instance, but
> abstracting it with a service would be more scalable.
>
> On 2 Jun 2020, at 4:54 pm, Gabor Szabo <gabor at szabgab.com> wrote:
>
> I am probably missing some basics here.
>
> If I send out a cookie from one domain, e.g. .perlmaven.com, the browser
> will only send it to perlmaven.com and its subdomains.
> Not to code-maven.com. So when the user accesses code-maven.com how can I
> get the cookie?
>
> Gabor
>
> On Tue, Jun 2, 2020 at 9:48 AM Matthew Mallard <matt at q-technologies.com.au>
> wrote:
>
>> Without knowing how you have currently set up auth, I would probably
>> centralise the authentication to a separate service that each of your
>> apps (domains) reaches out to, to check whether the user is already logged
>> into your realm and whether they are allowed access to that particular
>> domain.  That way you can have exceptions down the track (if that becomes a
>> requirement).
>>
>> Does that help or were you looking for something lower level?
>>
>> On 2 Jun 2020, at 4:34 pm, Gabor Szabo <szabgab at gmail.com> wrote:
>>
>> Hi,
>>
>> I run both the Perl Maven site https://perlmaven.com/ and the Code Maven
>> site https://code-maven.com/ on the same Dancer2 application. They even
>> share the database behind.
>> Both also have several language-specific hostnames. e.g. one in Telugu:
>> https://te.perlmaven.com/
>>
>> I would like to allow my users to log in any of the sites and then be
>> already logged in all of the others. So they won't need to authenticate
>> again.
>>
>> How could I achieve this?
>>
>> Gabor
>>
>>
>
>
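
One common way to link the browser in step 3 to the shared server-side session check described in the quoted reply: the site that already holds the browser's cookie redirects it to the other domain with a short-lived, single-use, host-bound signed token, which the target site verifies before setting its own cookie. This is an added example, not code from the thread or from Dancer2; the function names, secret, TTL and in-memory nonce table are assumptions, and only the core Digest::SHA module is used.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions, not from the thread: both sites share $SECRET and a table of
# used nonces (a hash here; the shared database in a real deployment).
my $SECRET = 'constructed-demo-secret';   # placeholder, load from config
my $TTL    = 30;                          # seconds a handoff token is valid
my %used_nonce;

# Called on the site where the browser already has a session cookie, just
# before redirecting to the target host. $nonce must be random in practice.
sub issue_token {
    my ($user_id, $target_host, $now, $nonce) = @_;
    my $payload = join '|', $user_id, $target_host, $now + $TTL, $nonce;
    return $payload . '|' . hmac_sha256_hex($payload, $SECRET);
}

# Comparison whose timing does not depend on where the strings differ.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Called on the target site before it sets its own session cookie.
# Returns the user id, or undef when the token must be rejected.
sub redeem_token {
    my ($token, $this_host, $now) = @_;
    my @f = split /\|/, ($token // ''), -1;
    return undef unless @f == 5;
    my ($user_id, $host, $expires, $nonce, $mac) = @f;
    my $expected = hmac_sha256_hex(join('|', @f[0 .. 3]), $SECRET);
    return undef unless secure_eq($mac, $expected);                 # forged or altered
    return undef unless $host eq $this_host;                        # minted for another site
    return undef unless $expires =~ /^\d+\z/ && $now <= $expires;   # expired
    return undef if $used_nonce{$nonce}++;                          # replayed
    return $user_id;
}

# Constructed walk-through with fixed clock values and nonces.
my $t = issue_token(42, 'code-maven.com', 1_000, 'n-0001');
print 'first use:  ', redeem_token($t, 'code-maven.com', 1_010) // 'rejected', "\n";
print 'replay:     ', redeem_token($t, 'code-maven.com', 1_011) // 'rejected', "\n";
my $u = issue_token(42, 'code-maven.com', 1_000, 'n-0002');
print 'wrong host: ', redeem_token($u, 'perlmaven.com', 1_010) // 'rejected', "\n";
print 'expired:    ', redeem_token($u, 'code-maven.com', 1_031) // 'rejected', "\n";
```

Because the token travels in a URL, the short TTL and the single-use nonce limit what a leaked link (history, logs, Referer) is worth.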