Laravel: How to Auth for Multi-Domain

I have one Laravel app for three websites, which are listed in my .env file:

A_DOMAIN=example-A.com
B_DOMAIN=example-B.com
C_DOMAIN=example-C.com

My admin area is at example-A.com/admin. I now want the admin to be able to log in as a user on one of the other domains.

This is what I tried so far:

public function login(User $user, $orga)
{
   \Auth::login($user); // logs the user in on the domain handling this request

   return redirect(env($orga . '_DOMAIN'));
}

The problem is that since the admin area is at example-A.com/admin, the call \Auth::login($user); will log in the user at example-A.com. This means that login($user, 'B') logs the user in at example-A.com and then redirects to example-B.com, where the user is not logged in.

My question: How can I log in the user for any of the other domains of my app? Or is it possible to log in a user at all 3 domains at the same time?

Adam asked Nov 15 '25 18:11


1 Answer

What is needed is a way to transfer a session between 2 different domains.

In order to achieve that, you need to do the following (this is one of the options):

  1. Create a method named setcookie on example-B.com and example-C.com, which can retrieve a token and write the user a session cookie.
  2. In the login method on example-A.com: use curl to log in to example-B.com. I assume you have login controllers on all 3 of your sites, and since the usage of curl is off topic, I'm not going to paste the code here; I'm sure you can handle that :)
  3. After a successful login, get the session cookie from example-B.com.
  4. Show the logged-in user an <img> like <img src="http://example-B.com/setcookie?token=xxxx" style="display: none;" /> to write the session cookie to the admin user.
  5. Now the logged-in session has been transferred from curl to the user, and he can now access example-B.com as a logged-in user.

EDIT: Sorry, I don't use Laravel very often :( I use a framework called ThinkPHP; it's in fashion in China and the syntax is similar to Laravel. I hope I can help you.

For security reasons, you can't set cookies for other domains, but you can get to the other domain and set a cookie for the user.

step 1 code:

Add a new controller and write a function in it:

public function setcookie($token = '') {
    // the $token here is the $_GET['token'] parameter filtered by the framework
    if(!empty($token) && strlen($token) > 0) { // check if the param is not empty...
        setcookie("PHPSESSID", $token, 0, '/', '', false, true); // this will set a cookie for anyone who visited this action
    }
}

So curl logged in the user and got a session id, then the dashboard page shows the user a hidden <img src="setcookie?token=xxx"> to set a session cookie for the user with the session id curl got, and then the user can visit the other site as a logged-in user.

Zhwt answered Nov 18 '25 07:11
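The setcookie step in the answer writes whatever token value it receives into the session cookie. The following is an added example, not the answerer's code: one way for example-B.com to confirm that a token was issued by example-A.com, for that site, recently, and only once. HANDOFF_KEY, HANDOFF_TTL, the claim names and both function names are assumptions.

```php
<?php
// Added example (not the answer's code): signed, short-lived, single-use token.
// HANDOFF_KEY, HANDOFF_TTL and both function names are hypothetical.
const HANDOFF_KEY = 'placeholder-secret-shared-by-the-three-sites';
const HANDOFF_TTL = 30; // seconds a token stays valid

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Runs on example-A.com after the server-side login on the target site.
function mintHandoffToken(string $sessionId, string $audience, ?int $now = null): string {
    $payload = b64url(json_encode([
        'sid' => $sessionId,                     // session id obtained server-side
        'aud' => $audience,                      // the only domain allowed to redeem it
        'exp' => ($now ?? time()) + HANDOFF_TTL, // expiry as a Unix timestamp
        'jti' => bin2hex(random_bytes(16)),      // one-time identifier
    ], JSON_THROW_ON_ERROR));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
}

// Runs in the setcookie action on example-B.com / example-C.com.
// $seen stands in for a shared store (cache or database) of used jti values.
function redeemHandoffToken(string $token, string $host, array &$seen, ?int $now = null): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
    if (!hash_equals($expected, $mac)) return null;            // forged or altered
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    $jti = $claims['jti'] ?? null;
    $sid = $claims['sid'] ?? null;
    if (!is_string($jti) || !is_string($sid)) return null;
    if (($claims['aud'] ?? null) !== $host) return null;       // minted for another site
    if (($claims['exp'] ?? 0) < ($now ?? time())) return null; // expired
    if (isset($seen[$jti])) return null;                       // already redeemed
    $seen[$jti] = true;
    return $sid;
}

// Constructed demonstration values, not real session ids.
$seen  = [];
$token = mintHandoffToken('constructed-session-id', 'example-B.com');
var_dump(redeemHandoffToken($token, 'example-B.com', $seen)); // first use
var_dump(redeemHandoffToken($token, 'example-B.com', $seen)); // same token again
$other = mintHandoffToken('constructed-session-id', 'example-C.com');
var_dump(redeemHandoffToken($other, 'example-B.com', $seen)); // minted for a different site
```

In the setcookie action, the cookie would be set only when redeemHandoffToken returns a string. Serving that endpoint over HTTPS with the cookie's secure flag enabled keeps the session id out of cleartext traffic.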


