Login to client account programmatically

#1
Hi,

I have an app which has a master account/database running on "example.com", with client accounts/databases using subdomains, e.g. "test.example.com".

I am trying to add a function in the master account to programmatically log in as the admin user of the client account. I can connect to the client DB, get the admin user, and set the session as I normally would for a normal login, but the problem I'm having is the session cookie is being set on example.com rather than test.example.com, causing the login to fail.

I can't set the cookie domain to be ".example.com" (site-wide) as each client account must have separate logins/sessions.

The simplest solution I could think of would be to change the cookie domain before setting the session, so this one-off time it would use my specified domain instead, i.e.:

PHP Code:
$this->config->set_item('cookie_domain', 'test.example.com');

This however doesn't seem to update the cached config item in the Session library.

My question is, is there any way to update this value dynamically in this way? If not, is there an alternate solution to my problem?

Any ideas are appreciated, and I can answer any additional questions about my app if you need.

Thanks,
Jay.

#2
Any devs can shed some light?

@kilishan @narf?

#3
https://tools.ietf.org/html/rfc6265

Quote: For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".

I would use the ".example.com" as the session domain and perform an extra check inside each sub domain (My controller) to ensure that the current user is inside his correct subdomain.
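Added example, not code from the thread: the RFC 6265 domain-match rule quoted in post #3, followed by the per-subdomain check that post proposes for a site-wide cookie. The function names, the `tenant` session key and the sample session are assumptions, and the public-suffix rejection that browsers also apply is left out.

```php
<?php
// Added example (PHP 8+); function names and the 'tenant' session key are hypothetical.

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when the two are
// identical, or when the host is not an IP address and ends with "." + domain.
function domain_matches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower($cookieDomain);
    if (str_starts_with($cookieDomain, '.')) {
        $cookieDomain = substr($cookieDomain, 1); // section 5.2.3: leading dot is dropped
    }
    if ($host === $cookieDomain) {
        return true;
    }
    return filter_var($host, FILTER_VALIDATE_IP) === false
        && str_ends_with($host, '.' . $cookieDomain);
}

// Tenant label for a request host, or null when the host is not a single-label
// subdomain of $baseDomain. Assumes $host carries no port.
function tenant_from_host(string $host, string $baseDomain): ?string
{
    $suffix = '.' . strtolower($baseDomain);
    $host = strtolower($host);
    if (!str_ends_with($host, $suffix)) {
        return null;
    }
    $label = substr($host, 0, -strlen($suffix));
    return preg_match('/^[a-z0-9-]+$/', $label) === 1 ? $label : null;
}

// The extra per-subdomain check: a site-wide cookie reaches every subdomain, so
// the session must name the tenant it was issued for and be refused elsewhere.
function session_allowed(array $session, string $host, string $baseDomain): bool
{
    $tenant = tenant_from_host($host, $baseDomain);
    return $tenant !== null && ($session['tenant'] ?? null) === $tenant;
}

// The thread's case: a response from example.com carrying Domain=test.example.com.
var_dump(domain_matches('example.com', 'test.example.com'));
// A response from the client subdomain carrying the site-wide Domain=.example.com.
var_dump(domain_matches('test.example.com', '.example.com'));
$session = ['tenant' => 'test', 'user_id' => 1]; // constructed sample session
var_dump(session_allowed($session, 'test.example.com', 'example.com'));
var_dump(session_allowed($session, 'other.example.com', 'example.com'));
```

In a controller, `session_allowed()` would run on every request, with the tenant written into the session at login time.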

#4
(02-24-2017, 06:07 AM)Diederik Wrote: https://tools.ietf.org/html/rfc6265

Quote: For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".

I would use the ".example.com" as the session domain and perform an extra check inside each sub domain (My controller) to ensure that the current user is inside his correct subdomain.

Thanks for the suggestion! I might use that as a backup in the event that I can't find another solution, as I'd prefer to use the native cookie domain as an extra layer of security.

Still open to other suggestions.

#5
Just a thought, could I use the native PHP functions for setting the session/cookie in this one instance so I can specify the domain manually? Or do the CI methods do extra work which would cause issues with my app?

#6
Cheeky bump.

#7
Session library of CI 3 is just a wrapper for the native PHP session. So yes, you can use native PHP functions for sessions.

#8
Even trying with the native PHP functions, I can't get it to work :(

Any other suggestions? I'm struggling with this one.

#9
Are all subdomains a separate CI installation?

#10
No, they are all under one installation. Each subdomain is a separate DB though. The app looks at the subdomain, and uses that to connect to that account's DB.