Answer the question
In order to leave comments, you need to log in
How to distribute authorization to different domains?
Good day.
The question is this: there is a forum on one domain, let's call it forum.su (forum on cms xenforo)
And a self-written site on another domain, say site.su
Authorization on the site occurs through the forum api.
The question is, how can you implement session transfer between these domains, or I don’t know how to describe it in another way.
In short, so that when a user logs in to the site, he also logs in to the forum, and vice versa.
This obviously cannot be done through cookies, it seems like you can’t access cookies from another domain.
But, for example, on the toaster, giqtimes and habré, authorization is common, how is it implemented?
Answer the question
In order to leave comments, you need to log in
Issue a token upon authorization, which the client will send with requests somewhere. Google JWT
You can use only one of the domains for authorization by sending requests to it.
That is, when requesting from the second domain, give an alternative session variable, with this variable already receive data.
In this case, you will need to remember about the allow-origin header.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question