Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums External Resources Addins Managing login to multiple codeigniter application with ion_auth
Managing login to multiple codeigniter application with ion_auth
  • Offline aleifuu
    Newbie
  • *
  • Posts: 7
    Threads: 2
    Joined: Dec 2017
    Reputation: 0
#1
03-24-2018, 09:47 PM

Hi, the scenario is that we host 3 different CI apps that uses ion_auth for authentication module, and all 3 are hosted on the same server. The 3 has its own database where ion_auth should look for matching credentials
for example we have

app1's admin is : '[email protected]', with db : 'app1_db', url : '192.168.1.100/app1'
app2's admin is : '[email protected]', with db : 'app2_db', url : '192.168.1.100/app2'
app1's admin password is : 'monkey' while app2's admin password is different, say : 'horse'

If app1's admin login succesfully to the app1 system, the current behaviour is that if he types url to app2, he app1's admin can also access app2 system too


I don't think this is the intended behaviour. Problem is, maybe I don't know how to make separation among these 3 CI apps correctly. I'd thought by having separate databases for credentials is sufficient. Maybe there's something with sessions that can be done ?
Reply
  • Offline skunkbad
    Senior Citizen
  • *****
  • Posts: 1,300
    Threads: 63
    Joined: Oct 2014
    Reputation: 86
#2
03-25-2018, 12:23 AM

Sounds like a security issue where good session cookie is allowing instant login, yes?
Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3
Reply
  • Offline aleifuu
    Newbie
  • *
  • Posts: 7
    Threads: 2
    Joined: Dec 2017
    Reputation: 0
#3
03-27-2018, 09:43 PM

(03-25-2018, 12:23 AM)skunkbad Wrote: Sounds like a security issue where good session cookie is allowing instant login, yes?

Thanks for you reply. Any pointer to quickly overcome my problems above ? 

I guess there are myriad solutions out there. And while I research which one is suitable for what is needed in this scenario, I could just go with disabling Cookies in CI apps, no ?
Reply
  • Offline jreklund
    Administrator
  • *******
  • Posts: 1,408
    Threads: 3
    Joined: Aug 2017
    Reputation: 42
#4
03-28-2018, 11:41 AM

How have you configured your cookies correctly?
PHP Code:
$config['cookie_prefix']    = 'app1_';
$config['cookie_domain']    = '192.168.1.100';
$config['cookie_path']        = '/app1/';

$config['cookie_prefix']    = 'app2_';
$config['cookie_domain']    = '192.168.1.100';
$config['cookie_path']        = '/app2/'
Reply
#5
03-29-2018, 05:31 AM
(This post was last modified: 03-29-2018, 05:26 PM by ciadmin.)

Define two time cookies in config file. but session only single time.
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

By:Xtreem Solution

**SEO spam links redacted**
Reply
  • Offline aleifuu
    Newbie
  • *
  • Posts: 7
    Threads: 2
    Joined: Dec 2017
    Reputation: 0
#6
03-30-2018, 01:13 AM
(This post was last modified: 03-30-2018, 09:25 PM by aleifuu.)

Thanks for all your suggestions. Appreciate it =)


*Update 31 March 2018*

pretty much solve it by giving each app their unique session name in config.php 
previously all 3 apps use the same 'ci_session' as session name/identifier. I guess that's what mixes it up 
haven't had time fiddling around /w cookies, but I think will make sure unique cookies name based on domain and path as well

Cheers,
Reply




Theme © iAndrew 2016 - Forum software by © MyBB