[dancer-users] Single login to multiple domains

Matthew Mallard matt at q-technologies.com.au
Tue Jun 2 06:52:37 EDT 2020


Or you could keep a login button that redirects them to a central domain of yours - much like Microsoft does with login.live.com - that detects they are already logged in and creates a token to pass back.  Or stick with the more transparent Google way.  Depends how creepy you want to make it! ;-)


> On 2 Jun 2020, at 8:34 pm, Matthew Mallard <matt at Q-technologies.com.au> wrote:
> 
> Oh, ok - you don’t want them to click login on the other sites.  Then you will have to play with cookies; basically, you’ll need to do something along these lines:
> https://stackoverflow.com/questions/19531183/set-cookie-on-multiple-domains-with-php-or-javascript
> or
> https://stackoverflow.com/questions/8406719/cookies-set-across-multiple-domains
> 
>> On 2 Jun 2020, at 8:07 pm, Gabor Szabo <gabor at szabgab.com> wrote:
>> 
>> I don't think I understand the flow.
>> 
>> 1) Registered user arrives at perlmaven.com with a brand new browser (no session yet, no cookies).
>> 2) Logs in, gets a cookie, login information is written to disk.
>> 3) User arrives at code-maven.com (no session yet, no cookies). How can I know this is the same user as in 1) or someone else?
>> 
>> Gabor
>> 
>> 
>> On Tue, Jun 2, 2020 at 10:03 AM Matthew Mallard <matt at q-technologies.com.au> wrote:
>> When the user comes to your site you would have some sort of login check that checks the session info (which is using cookies) - if the session is not valid you would normally mark them as not logged in and provide them with a login button of some sort.  Rather than immediately marking them as not logged in based on their session, reach out to a new service or function that you will create that goes to a central database of some sort to see if they already have a session on one of your other domains - if they do, grant them a new session.
>> 
>> It means you have to track sessions in a database to some degree.  The cookie code is for the client side - you must have something server side to set up the session - I’m effectively saying make that part of the code shared in some way.  A database would be easy in your instance, but abstracting it with a service would be more scalable.
>> 
>>> On 2 Jun 2020, at 4:54 pm, Gabor Szabo <gabor at szabgab.com> wrote:
>>> 
>>> I am probably missing some basics here.
>>> 
>>> If I send out a cookie from one domain, e.g. .perlmaven.com, the browser will only send it to perlmaven.com and its subdomains.
>>> Not to code-maven.com. So when the user accesses code-maven.com, how can I get the cookie?
>>> 
>>> Gabor
>>> 
>>> On Tue, Jun 2, 2020 at 9:48 AM Matthew Mallard <matt at q-technologies.com.au> wrote:
>>> Without knowing how you have currently set up auth, I would probably centralise the authentication to a separate service that each of your apps (domains) reached out to check whether the user was already logged into your realm and whether they were allowed access to that particular domain.  That way you can have exceptions down the track (if that becomes a requirement).
>>> 
>>> Does that help or were you looking for something lower level?
>>> 
>>>> On 2 Jun 2020, at 4:34 pm, Gabor Szabo <szabgab at gmail.com> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> I run both the Perl Maven site https://perlmaven.com/ and the Code Maven site https://code-maven.com/ on the same Dancer2 application. They even share the database behind.
>>>> Both also have several language-specific hostnames, e.g. one in Telugu: https://te.perlmaven.com/
>>>> 
>>>> I would like to allow my users to log in to any of the sites and then be already logged in to all of the others. So they won't need to authenticate again.
>>>> 
>>>> How could I achieve this?
>>>> 
>>>> Gabor
>>> 
>>> 
>> 
> 
> _______________________________________________
> dancer-users mailing list
> dancer-users at lists.preshweb.co.uk
> https://lists.preshweb.co.uk/mailman/listinfo/dancer-users
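
The token handoff suggested at the top of this message, sketched as an added example (not code from the thread, from Dancer2 or from the sites discussed): the central login host mints a short-lived, single-use token bound to the site that asked for it, and that site verifies it before setting its own session cookie. The function names, the shared secret, the 30-second lifetime and the in-memory %used hash standing in for the shared database are all assumptions.

```perl
use strict; use warnings;
use Digest::SHA  qw(hmac_sha256_hex);
use MIME::Base64 qw(encode_base64url decode_base64url);
use JSON::PP ();

# Assumptions: one secret known to the login host and every site; 30 s lifetime.
my $SECRET = 'constructed-demo-secret';
my $TTL    = 30;
my %used;    # redeemed token ids; the shared database would hold these
my $json = JSON::PP->new->utf8->canonical;

sub random_hex {    # 128-bit token id from the kernel CSPRNG (Unix assumed)
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die 'short read';
    return unpack 'H*', $buf;
}

# Login host: a valid session exists here, so mint a token for the asking site.
sub issue_token {
    my ($user, $site, $now) = @_;
    my $body = encode_base64url($json->encode(
        { sub => $user, aud => $site, exp => $now + $TTL, jti => random_hex() }));
    return "$body." . hmac_sha256_hex($body, $SECRET);
}

# Receiving site: returns the user name, or nothing if the token must be refused.
sub redeem_token {
    my ($token, $host, $now) = @_;
    my ($body, $mac) = ($token // '') =~ /\A([A-Za-z0-9_-]+)\.([0-9a-f]{64})\z/
        or return;
    my ($want, $diff) = (hmac_sha256_hex($body, $SECRET), 0);
    $diff |= ord(substr $want, $_, 1) ^ ord(substr $mac, $_, 1) for 0 .. 63;
    return if $diff;                   # forged or altered (constant-time compare)
    my $c = eval { $json->decode(decode_base64url($body)) } or return;
    return if $c->{exp} < $now;        # too old
    return if $c->{aud} ne $host;      # minted for a different site
    return if $used{ $c->{jti} }++;    # already redeemed once
    return $c->{sub};                  # caller now sets its own session cookie
}

my $t0  = 1_591_095_157;               # constructed clock value
my $tok = issue_token('gabor', 'code-maven.com', $t0);
my @tries = (                          # constructed redemption attempts
    [ 'wrong site', $tok,    'perlmaven.com',  $t0 + 5 ],
    [ 'expired',    $tok,    'code-maven.com', $t0 + 60 ],
    [ 'tampered',   "x$tok", 'code-maven.com', $t0 + 5 ],
    [ 'first use',  $tok,    'code-maven.com', $t0 + 5 ],
    [ 'replay',     $tok,    'code-maven.com', $t0 + 5 ],
);
printf "%-10s => %s\n", $_->[0], redeem_token(@$_[1 .. 3]) // 'refused' for @tries;
```

Because the token rides on the redirect URL, the short lifetime, the site binding and the single-use check are what limit the damage if it leaks into a log or a Referer header.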
