|
Joined: Aug 2007
Posts: 33
newbie
|
newbie
Joined: Aug 2007
Posts: 33 |
Hi all,
Our BBS is locked to non authenticated users and we share another website with our BBS that the same user has to log into. I wonder if there's a way I can create the login cookie and place it when the user logs into the sister site so that they don't have the relogin to the BBS. Has anyone tried this? Any ideas on what attributes I need to set for the cookies? We use ASP.NET on the other site.
Thanks for any tips and Happy Holidays.
|
|
|
|
Joined: Jun 2006
Posts: 9,242 Likes: 1
Former Developer
|
Former Developer
Joined: Jun 2006
Posts: 9,242 Likes: 1 |
Hmm, is it on a different domain? If that's the case then I don't think you can set cookies for another domain. It's also more than just a cookie as it actually needs to update the database as well.
|
|
|
|
Joined: Aug 2007
Posts: 33
newbie
|
newbie
Joined: Aug 2007
Posts: 33 |
I was afraid of that. Thanks.
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
Cookies are meant to be used on a site/site basis, it's the way they're "secure" so some random site doesn't just jack user cookies, so think of it as security
|
|
|
|
Joined: Jun 2006
Posts: 3,837
Carpal Tunnel
|
Carpal Tunnel
Joined: Jun 2006
Posts: 3,837 |
The downside to this is, if you run more than one domain name for the same site it is not possible to be logged into to multiple domains at once. Even going from domain.com to www.domain.com or viceversa will find you logged out (unless one forwards to the other, which often they do not - e.g. http://ubbcentral.com/forums/ubbthreads.php/ubb/cfrm and https://www.ubbcentral.com/forums/ubbthreads.php/ubb/cfrm ) It would be nice to be able to specify multiple domains - I seem to remember a hack for this some time ago on threads.
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
Well, the issue isn't with threads, it's just with how cookies work, they're not cross-site for security sakes... It's not like you can edit threads to read other sites cookies, that'd make the whole standardization with them reguarding security obsolete as any site could read out your cookies for another site then trounce around as you...
|
|
|
|
Joined: Jun 2006
Posts: 3,837
Carpal Tunnel
|
Carpal Tunnel
Joined: Jun 2006
Posts: 3,837 |
sure, I do not disagree about cookies - but I do remember a hack that Dave (Lister?) wrote over at threadsdev a hack to have two (or more) domains.
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
It allows it to read cookies from other domains? I'm not sure I'm able to buy that... You'd think you'd run into cross domain issues.
|
|
|
|
Joined: Jun 2006
Posts: 3,837
Carpal Tunnel
|
Carpal Tunnel
Joined: Jun 2006
Posts: 3,837 |
it used to work well - you just listed your domains such as domain1.com; domain2.com etc.
Like several hacks though, it was not supported when a new version came out, and so stopped working.
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
Sounds interesting enough, wonder if I can dig it up at ubbdev
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
i've done this for a customer. they login to domain1.com (kinda like a main portal site) and it sets the domain1's cookies.. then there is a small API on the threads side (ubbthreads.php) that notes this cookie and auto logs the user into domain2.com (where threads is).. so it's a mod and possible
|
|
|
|
Joined: Jun 2006
Posts: 16,301 Likes: 116
|
Joined: Jun 2006
Posts: 16,301 Likes: 116 |
Ahh, now that sounds plausible and well within the way cookies work ...
|
|
|
|
Joined: Aug 2007
Posts: 33
newbie
|
newbie
Joined: Aug 2007
Posts: 33 |
i've done this for a customer. they login to domain1.com (kinda like a main portal site) and it sets the domain1's cookies.. then there is a small API on the threads side (ubbthreads.php) that notes this cookie and auto logs the user into domain2.com (where threads is).. so it's a mod and possible Excellent, is this a mod available for 7.2?
|
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
2 members (Geoff, 1 invisible),
692
guests, and
171
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|