+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: External Resources (https://forum.codeigniter.com/forumdisplay.php?fid=7)
+--- Forum: Addins (https://forum.codeigniter.com/forumdisplay.php?fid=13)
+--- Thread: Managing login to multiple codeigniter application with ion_auth (/showthread.php?tid=70320)
Managing login to multiple codeigniter application with ion_auth - aleifuu - 03-24-2018
Hi, the scenario is that we host 3 different CI apps that uses ion_auth for authentication module, and all 3 are hosted on the same server. The 3 has its own database where ion_auth should look for matching credentials
for example we have
app1's admin is : '[email protected]', with db : 'app1_db', url : '192.168.1.100/app1'
app2's admin is : '[email protected]', with db : 'app2_db', url : '192.168.1.100/app2'
app1's admin password is : 'monkey' while app2's admin password is different, say : 'horse'
If app1's admin login succesfully to the app1 system, the current behaviour is that if he types url to app2, he app1's admin can also access app2 system too
I don't think this is the intended behaviour. Problem is, maybe I don't know how to make separation among these 3 CI apps correctly. I'd thought by having separate databases for credentials is sufficient. Maybe there's something with sessions that can be done ?
RE: Managing login to multiple codeigniter application with ion_auth - skunkbad - 03-25-2018
Sounds like a security issue where good session cookie is allowing instant login, yes?
RE: Managing login to multiple codeigniter application with ion_auth - aleifuu - 03-27-2018
(03-25-2018, 12:23 AM)skunkbad Wrote: Sounds like a security issue where good session cookie is allowing instant login, yes?
Thanks for you reply. Any pointer to quickly overcome my problems above ?
I guess there are myriad solutions out there. And while I research which one is suitable for what is needed in this scenario, I could just go with disabling Cookies in CI apps, no ?
RE: Managing login to multiple codeigniter application with ion_auth - jreklund - 03-28-2018
How have you configured your cookies correctly?
PHP Code:
$config['cookie_prefix'] = 'app1_';
$config['cookie_domain'] = '192.168.1.100';
$config['cookie_path'] = '/app1/';
$config['cookie_prefix'] = 'app2_';
$config['cookie_domain'] = '192.168.1.100';
$config['cookie_path'] = '/app2/';
RE: Managing login to multiple codeigniter application with ion_auth - XtreemDeveloper - 03-29-2018
Define two time cookies in config file. but session only single time.
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
By:Xtreem Solution
**SEO spam links redacted**
[SOLVED] RE: Managing login to multiple codeigniter application with ion_auth - aleifuu - 03-30-2018
Thanks for all your suggestions. Appreciate it =)
*Update 31 March 2018*
pretty much solve it by giving each app their unique session name in config.php
previously all 3 apps use the same 'ci_session' as session name/identifier. I guess that's what mixes it up
haven't had time fiddling around /w cookies, but I think will make sure unique cookies name based on domain and path as well
Cheers,