Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
magary42018-04-24 12:16:46
symfony
magary4, 2018-04-24 12:16:46

How to make authorization at once on 2 sites?

There are two independent sites ( A and B )
you need to make sure that if a user opens site B and at the same time he is logged in on site A, then we authorize him automatically
. Site A has an API to ask if the user is logged in, and this API can be extended in accordance with needs
in my head 2 thoughts
1. when a user opens site A we generate a hash from some browser data like user-agent, os etc
when we open site B we generate a hash again and do ajax to site A try to check if the user is logged in with such a hash
2. when the user logs in to site A, open an invisible iframe href="siteB/login_me?email=" site B processes this request, check that the request is from a specific domain and the user logs in, then when the user opens site B, the browser will send the cookie received through iframe earlier
or how can this case be solved?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
V
Vitaly Musin, 2018-04-24
@vmpartner

You can just insert a 1px image into site A from site B, and set the cookie.

Report
A
Alexander Aksentiev, 2018-04-24
@Sanasol

If the sites are on the same domain, then do SSO .
If on different ones, then crutch some integration of sessions, work through the apishka or other crutches. Well, or like SSO, only use between different domains.
1. You don’t need to use any browser data, this is your inner kitchen, so deal with it on the backend. Not to mention the safety of such methods.
2. And definitely not an option through an iframe, for the same reason as p1.

Report
V
Vitaly Arkhipov, 2018-04-24
@arvitaly

You are all correct in your reasoning, I can say how almost all major sites do it. If a user visits a page that requires authorization, but there is no information about it (there is no cookie, for example), then first there is a redirect to a certain authorization domain, and he already has a cookie, and he, in turn, redirects back and passes to the URL some authorization token for the first domain.

Similar questions
V
Valery2013-07-25 15:26:39
What does the yellow DB icon mean on the web-profiler panel? 1Reply
H
hitakiri2016-02-08 12:55:08
Is there a bundle in symfony to store the change history of a document? 2Reply
A
Andrey Godin2013-09-14 12:16:45
Template themes 1Reply
S
symnoob2020-07-02 08:58:40
Symfony - how to get Route name from Url? 0Reply
I
Ivan Antonov2016-02-16 12:01:54
How to migrate a website to Symfony? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question