Login to client account programmatically
#1

Hi,

I have an app which has a master account/database running on "example.com", with client accounts/databases using subdomains, e.g. "test.example.com".

I am trying to add a function in the master account to programmatically log in as the admin user of the client account. I can connect to the client DB, get the admin user, and set the session as I normally would for a normal login, but the problem I'm having is the session cookie is being set on example.com rather than test.example.com, causing the login to fail.

I can't set the cookie domain to be ".example.com" (site-wide) as each client account must have separate logins/sessions.

The simplest solution I could think of would be to change the cookie domain before setting the session, so this one-off time it would use my specified domain instead, i.e.:

PHP Code:
$this->config->set_item('cookie_domain', 'test.example.com');

This however doesn't seem to update the cached config item in the Session library.

My question is, is there any way to update this value dynamically in this way? If not, is there an alternate solution to my problem?

Any ideas are appreciated, and I can answer any additional questions about my app if you need.

Thanks,
Jay.
Reply
#2

Any devs can shed some light?

@kilishan @Narf?
Reply
#3

https://tools.ietf.org/html/rfc6265

Quote: For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".

I would use the ".example.com" as the session domain and perform an extra check inside each sub domain (My controller) to ensure that the current user is inside his correct subdomain.
Reply
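
The acceptance rule from RFC 6265 quoted in post #3, applied to this thread's hostnames, as an added example that is not part of any post. It is a JavaScript sketch with illustrative function names; public-suffix and IP-address handling are left out.

```javascript
// Added example: how a user agent treats the Domain attribute of Set-Cookie
// (RFC 6265 sections 5.1.3, 5.2.3 and 5.3). Hostnames below are constructed.

// Lower-case the host name (punycode handling omitted).
function canonicalize(host) {
  return host.trim().toLowerCase();
}

// Section 5.1.3: `host` domain-matches `domain` if it is identical to it
// or is a subdomain of it.
function domainMatches(host, domain) {
  const h = canonicalize(host);
  const d = canonicalize(domain);
  return h === d || h.endsWith("." + d);
}

// Decide what happens to a cookie received in a response from `requestHost`.
function evaluateSetCookie(requestHost, domainAttr) {
  const host = canonicalize(requestHost);
  if (domainAttr === undefined || domainAttr === "") {
    // No Domain attribute: host-only cookie, returned to this exact host only.
    return { stored: true, hostOnly: true, domain: host };
  }
  // A leading "." is ignored, so ".example.com" means "example.com".
  const domain = canonicalize(domainAttr).replace(/^\./, "");
  // The responding host must domain-match the attribute, else the cookie is dropped.
  return { stored: domainMatches(host, domain), hostOnly: false, domain };
}

// Would a stored cookie be attached to a request for `requestHost`?
function cookieSentTo(cookie, requestHost) {
  if (!cookie.stored) return false;
  const host = canonicalize(requestHost);
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

// The master site trying to log a user in on a client subdomain: rejected.
const fromMaster = evaluateSetCookie("example.com", "test.example.com");
// The site-wide alternative: stored, but then visible to every client subdomain.
const siteWide = evaluateSetCookie("example.com", ".example.com");
console.log("master sets test.example.com cookie:", fromMaster.stored);
console.log("site-wide cookie sent to other.example.com:",
  cookieSentTo(siteWide, "other.example.com"));
```

The second result is why a site-wide session domain needs the per-subdomain check suggested in post #3: the browser will present that cookie to every client subdomain.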
#4

(This post was last modified: 02-25-2017, 03:46 AM by JayAdra.)

(02-24-2017, 06:07 AM)Diederik Wrote: https://tools.ietf.org/html/rfc6265

Quote: For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".

I would use the ".example.com" as the session domain and perform an extra check inside each sub domain (My controller) to ensure that the current user is inside his correct subdomain.

Thanks for the suggestion! I might use that as a backup in the event that I can't find another solution, as I'd prefer to use the native cookie domain as an extra layer of security.

Still open to other suggestions.
Reply
#5

Just a thought, could I use the native PHP functions for setting the session/cookie in this one instance so I can specify the domain manually? Or do the CI methods do extra work which would cause issues with my app?
Reply
#6

Cheeky bump.
Reply
#7

Session library of CI 3 is just a wrapper for the native PHP session. So yes, you can use native PHP functions for sessions.
Reply
#8

Even trying with the native PHP functions, I can't get it to work :(

Any other suggestions? I'm struggling with this one.
Reply
#9

Are all subdomains a separate CI installation?
Reply
#10

No, they are all under one installation. Each subdomain is a separate DB though. The app looks at the subdomain, and uses that to connect to that account's DB.
Reply



