• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
2.0 Auth library recommendations / session takeover

#1
[eluser]wwwald[/eluser]
It's been some time, but I'm starting on a new web project and planning to use CI Reactor (have been working with 1.7 before). I have 2 questions regarding authentication...

General question: what is the recommended / most stable auth library out there, that works with Reactor? I've been using DX_Auth before but it seems to be problematic to get running on CI Reactor, judging from forum posts.

More detailed question:
The website I'm working will have to interact with another website, but we connect to a shared MySQL database. One of the interactions concerns a unified login system: when people login on the other website, my site should take over the session without requiring a login again.
How would I go about this? I suppose this involves writing a custom session loading mechanism, right? Does anything like that exist already?

Thanks a lot for your help,
wwwald

#2
[eluser]Nick_MyShuitings[/eluser]
Tank Auth works out of the box with Reactor 2.X.

And for the unified login, if you are using database storage for session you should be able to rig something up, but System A will have to either learn to read/write System B's cookie format or System B will have to learn to read/write System A's cookie format. That comes down to studying the other systems way of storing logged in cookies, then you could modify Tank's login function to create that cookie as well as the other when logging someone in, and to have the autologon try to check that other cookie as well.

#3
[eluser]Aken[/eluser]
Yeah, basically the two sites will have to share a cookie. Although I personally would not recommend a setup like that. It's a privacy issue - users will be concerned when they visit a separate website and you already have their information.

#4
[eluser]mdvaldosta[/eluser]
Ion_auto is pretty good too.

#5
[eluser]wwwald[/eluser]
[quote author="Aken" date="1303883807"]Yeah, basically the two sites will have to share a cookie. Although I personally would not recommend a setup like that. It's a privacy issue - users will be concerned when they visit a separate website and you already have their information.[/quote]

The details of the setup still have to be figured out, but there's a good chance we'll be sharing domains & servers, so that would solve the privacy concerns.

For now, the other site uses plain PHP sessions for auth. I suppose that's not a bad starting point to start adjusting Tank Auth to pick up those sessions.

In any case, I'll probably reappear here for more detailed help once I dive into the session code :-)

Thanks a lot for the help,
wwwald


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.