Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Multiple fuelphp app instances and single login
  • Hi,

    I would like to know if it would be possible to have multiple app instances in different subdomains (but in different servers) but share login information. I use ormauth/simpleauth (no opauth).

    I mean you log in to instance app1.domain.tld and there you have a link to app2.domain.tld and you do not need to login again, some sort of autologin to the second site.

    Of course, I should take care of updating all different databases everytime a new user is created.
    Is there a way I could share eg. a cookie that would be valid for auth through several subdomains.
    Each app would be in a different server, so I would not be able to share database connections.

    Any ideas?
    Thanks!
  • Harro VertonHarro Verton
    Accepted Answer
    If you set your session cookie domain to ".domain.tld", it should be shared between all subdomains.

    This will only work if app applications share the same database, at least for the Auth tables. A copy won't work, as it will check the login_hash in the user table.

    If that is not possible, local auth isn't an option.

    The obvious alternative is Opauth, in combination with either a public OAuth service, or your own OAuth service. Once you have a valid Oauth session, access to the other servers will not prompt for the login again.

    Since Opauth works by creating a dummy local user, this only works if you don't have any security settings locally (groups, roles, ACL), because this dummy user is in the database, and you'll bump into the problem again that it should be populated and the same for all servers.

    Final solution is to write a custom Auth solution, which replaces the local DB calls in Simpleauth or Ormauth by REST calls to your own Auth service. And have your Auth server check for authentication, group membership, ACL access, etc.
  • First of all, thank you for the prompt answer.

    So the simplest solution would be to have a common database.

    If when the user logs in in the first app instance, I have a function that updates the login hash in the other instances, would that work, too?

    All other options seem too complicated, and as you say, I do use groups, roles, etc.

    Thanks a lot
  • The biggest problem with local databases is keeping everything in sync. Not only the login_hash, but every change to any of the auth tables.

    If you have sorted that our, a session cookie on your main domain should do the trick, yes.

    I personally think that having an admin app with local auth tables, maintenance controllers for auth maintenance (the admin backend), and a simple REST API to provide auth services to your other apps, is less complicated than fixing the sync issue, but ymmv... ;-)
  • You are probably right.
    How about a central mysql server for all apps?
    Wouldn't that be simpler?
  • Depends on what you mean by central.

    When you mentioned separate servers, I assumed them to be not secure and together. If you have secure LAN access between all servers, I would absolutely go for a shared database server. We don't do anything but (front-ends running in VM's on different servers, all connecting to a single database cluster).
  • I'll try that first, then.

    Thanks a lot!
    Kind regards
  • Hi again Harro,

    I did set up successfully a mysql server common to several front-ends using an ssh tunnel.
    Works fine and every instance logs in successfully.

    I
    am struggling with the '.domain.tld' cookie setting, as it seems to be
    not working (I am faced with the login prompt when I change
    application).

    I have edited config.php

      /**
    * Cookie settings
    */
    'cookie' => array(
    // Number of seconds before the cookie expires
    // 'expiration' =>0,
    // Restrict the path that the cookie is available to
    'path' => '/',
    // Restrict the domain that the cookie is available to
    'domain' => '.domain.tld',
    // Only transmit cookies over secure connections
    'secure' => true,
    // Only transmit cookies over HTTP, disabling Javascript access
    // 'http_only' => false,
    ),

    but it is not working. When the page loads, the fuelcid cookie gets the full subdomain.domain.tld name.

    Do I have to set this somewhere else?
    Did I misunderstood something?
    One more thing:
    If I edit the cookie manually using firebug and rename it to ".domain" it works as expected, and allows me to log in automatically throughout the frontends, so it may relay only in the setting of the cookie.

    Thanks, regards
  • Harro VertonHarro Verton
    Accepted Answer
    Sessions don't use the generic cookie configuration. There is a custom config (same list of fields) in the session.php configuration file.
  • Wonderful!!

    Works perfect!!

    Thank you so much!!

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion