[dancer-users] Single login to multiple domains
Matthew Mallard
matt at q-technologies.com.au
Tue Jun 2 03:03:41 EDT 2020
When the user comes to your site you would have some sort of login check that checks the session info (which is using cookies) - if the session is not valid you would normally marked them as not logged in and provide them with a login button of some sort. Rather than immediately marked them as not logged in based on their session, reach out to a new service or function that you will create that goes to central database of some sort to see if they already have a session on one of your other domains - if they do, grant them a new session.
It means you have to track sessions in a database to some degree. The cookie code is for the client side - you must have something server side to set up the session - I’m effectively saying make that part of the code shared in some way. A database would be easy in your instance, by abstracting it with a service would be more scalable.
> On 2 Jun 2020, at 4:54 pm, Gabor Szabo <gabor at szabgab.com> wrote:
>
> I am probably missing some basics here.
>
> If I send out a cookie from one domain,e,g, .perlmaven.com <http://perlmaven.com/> the browser will only send it to perlmaven.com <http://perlmaven.com/> and its subdomains.
> Not to code-maven.com <http://code-maven.com/> So when the user accesses code-maven.com <http://code-maven.com/> how can I get the cookie?
>
> Gabor
>
> On Tue, Jun 2, 2020 at 9:48 AM Matthew Mallard <matt at q-technologies.com.au <mailto:matt at q-technologies.com.au>> wrote:
> Without knowing how you have currently set up auth, I would probably centralise the authentication to a separate service that each of the your apps (domains) reached out to check whether the user was already logged into your realm and whether they were allowed access to that particular domain. That way you can have exceptions down the track (if that becomes a requirement).
>
> Does that help or were you looking for something lower level?
>
>> On 2 Jun 2020, at 4:34 pm, Gabor Szabo <szabgab at gmail.com <mailto:szabgab at gmail.com>> wrote:
>>
>> Hi,
>>
>> I run both the Perl Maven site https://perlmaven.com/ <http://perlmaven.com/> and the Code Maven site https://code-maven.com/ <http://code-maven.com/> on the same Dancer2 application. They even share the database behind.
>> Both also have several language-specific hostnames. e.g. one in Telugu: https://te.perlmaven.com/ <https://te.perlmaven.com/>
>>
>> I would like to allow my users to log in any of the sites and then be already logged in all of the others. So they won't need to authenticate again.
>>
>> How could I achieve this?
>>
>> Gabor
>> <mailto:dancer-users at lists.preshweb.co.uk>
>
>
>
> _______________________________________________
> dancer-users mailing list
> dancer-users at lists.preshweb.co.uk
> https://lists.preshweb.co.uk/mailman/listinfo/dancer-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.preshweb.co.uk/pipermail/dancer-users/attachments/20200602/8e07f75e/attachment.htm>
More information about the dancer-users
mailing list