Thread: FE_USER_AUTH cookie across subdomains

  1. #1
    New user
    Join Date
    08-04-09.
    Posts
    18

    FE_USER_AUTH cookie across subdomains

    Hi All,

    I've started making some good progress developing for Contao and really enjoy it.

    I've become stuck trying to allow a front end user to stay logged in across subdomains. The reason for this is that we have a multi-language site, each language on a different subdomain, and the checkout will be on another secure subdomain.

    I've tried to extend FrontendUser so that I can override methods which call $this->setCookie, so that the domain can include subdomains.

    i.e. change lines like this: (line 255)
    Code:
     $this->setCookie('FE_AUTO_LOGIN', $strToken, ($time + $GLOBALS['TL_CONFIG']['autologin']), $GLOBALS['TL_CONFIG']['websitePath']);
    to:
    Code:
     $this->setCookie('FE_AUTO_LOGIN', $strToken, ($time + $GLOBALS['TL_CONFIG']['autologin']), $GLOBALS['TL_CONFIG']['websitePath'], ".mysite.com");
    This seems to have problems of its own (I have to override a lot of methods, from both FrontendUser and User).
    And so far it doesn't seem to be working as expected (not sure if it's my dev environment setup).

    But I can't help but wonder if there's another way to do this?

    Maybe a new TL_CONFIG setting?
    $GLOBALS['TL_CONFIG']['cookieDomain'] = ".mysite.com";

    and then the System.php file can be altered (line 513 onwards) (I don't think I can extend and replace System class through an extension?)

    Code:
    	protected function setCookie($strName, $varValue, $intExpires, $strPath='', $strDomain=null, $blnSecure=null)
    	{
    		if (!strlen($strPath))
    		{
    			$strPath = '/';
    		}
    		$strDomain = $strDomain ? $strDomain : $GLOBALS['TL_CONFIG']['cookieDomain'];
    		setcookie($strName, $varValue, $intExpires, $strPath, $strDomain, $blnSecure);
    	}
    Has anyone come across a solution to this?
    Is it a totally bad idea to change System.php in this way?

  2. #2
    User
    Join Date
    07-26-09.
    Posts
    175

    Re: FE_USER_AUTH cookie across subdomains

    It is generally a bad idea to modify the core files, because they will be overwritten by the next update. Why don't you set the cookie in a HOOK like postLogin? Isn't that possible?

  3. #3
    New user
    Join Date
    08-04-09.
    Posts
    18

    Re: FE_USER_AUTH cookie across subdomains

    This looks like exactly what I should be doing.

    Thanks for the pointer, I will try that out.

  4. #4
    New user
    Join Date
    08-04-09.
    Posts
    18

    Re: FE_USER_AUTH cookie across subdomains

    I have now tried using a hook to implement cross-domain sign-on. It looks like this:
    Code:
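    // setCookie() is a protected method of System, so the hook class has to
    // inherit it; Frontend extends System via Controller.
    class AuthenticateAcrossDomains extends Frontend
    {
    	// postLogin hook: re-issue the auto-login cookie for all subdomains
    	public function loginAcrossDomains($User)
    	{
    		$this->setCookie('FE_AUTO_LOGIN', $User->autologin, ($User->createdOn + $GLOBALS['TL_CONFIG']['autologin']), $GLOBALS['TL_CONFIG']['websitePath'], '.mysite.com');
    	}

    	// postLogout hook: expire the auto-login cookie with the same path and domain
    	public function logoutAcrossDomains($User)
    	{
    		$this->setCookie('FE_AUTO_LOGIN', $User->autologin, (time() - 86400), $GLOBALS['TL_CONFIG']['websitePath'], '.mysite.com');
    	}
    }
    Good news: I can now log in across subdomains by using the autologin feature of Contao (by setting the FE_AUTO_LOGIN cookie domain to .mysite.com)!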

    Bad news: I can't log-out across domains!

    Reasons:
    • The logout code only logs out the cookie on the current domain. I have no access to the other domains' FE_USER_AUTH cookies at the time I am logging out.

    • I cannot overcome this because the postLogin hook occurs after the FE_USER_AUTH cookie is set (and it is only set on the current domain), and therefore I cannot clear that cookie and set another one for all subdomains.

    • I have tried hacking it so that I set an additional 'FE_USER_AUTH' (".mydomain.com") on postLogout, but Contao doesn't work on any of the other subdomains (FrontendUser->authenticate() line:228 $this->reload() keeps getting called).


    Really scratching my head now. Seems like I have to alter/override System->setCookie or extend FrontendUser.

    Any other suggestions?

    Thanks
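
Added example, not part of any post in this thread: a simplified JavaScript model of browser cookie storage showing why the logout described in post #4 only clears the current subdomain. The host names, cookie values, the `/` path and the step where auto-login creates a separate FE_USER_AUTH cookie on the second subdomain are assumptions made for illustration.

```javascript
// Simplified model of browser cookie storage (RFC 6265). A stored cookie is
// identified by name + domain + path; a cookie set without a Domain attribute
// is host-only. Host names and values below are constructed for illustration.
class CookieJar {
  constructor() { this.store = new Map(); }

  // host = the site answering the request; domain = Domain attribute or null.
  set(host, name, value, { domain = null, path = '/', maxAge = null } = {}) {
    const hostOnly = domain === null;
    const d = hostOnly ? host : domain.replace(/^\./, '').toLowerCase();
    // A host may only set cookies for itself or one of its parent domains.
    if (host !== d && !host.endsWith('.' + d)) return false;
    const key = `${name}|${d}|${path}`;
    if (maxAge !== null && maxAge <= 0) this.store.delete(key); // expiry = delete
    else this.store.set(key, { name, value, domain: d, path, hostOnly });
    return true;
  }

  // Names of the cookies a browser would attach to a request for host + path.
  // Path matching is reduced to a prefix test.
  sentTo(host, path = '/') {
    return [...this.store.values()]
      .filter(c => (c.hostOnly ? host === c.domain
        : host === c.domain || host.endsWith('.' + c.domain)) && path.startsWith(c.path))
      .map(c => c.name).sort();
  }
}

function logoutScenario() {
  const jar = new CookieJar();
  const hosts = ['en.mysite.com', 'de.mysite.com', 'shop.mysite.com'];
  const snapshot = () => Object.fromEntries(hosts.map(h => [h, jar.sentTo(h)]));

  // Login on en: the core sets a host-only session cookie, the hook the wide one.
  jar.set('en.mysite.com', 'FE_USER_AUTH', 'session-en');
  jar.set('en.mysite.com', 'FE_AUTO_LOGIN', 'token', { domain: '.mysite.com', maxAge: 3600 });
  // Assumed: auto-login on de then creates that host's own session cookie.
  jar.set('de.mysite.com', 'FE_USER_AUTH', 'session-de');
  const loggedIn = snapshot();

  // Logout on en: each cookie is expired with the scope it was set with.
  jar.set('en.mysite.com', 'FE_USER_AUTH', '', { maxAge: 0 });
  jar.set('en.mysite.com', 'FE_AUTO_LOGIN', '', { domain: '.mysite.com', maxAge: 0 });
  return { loggedIn, afterLogout: snapshot() };
}

console.log(JSON.stringify(logoutScenario(), null, 2));
```

After the logout, `de.mysite.com` still receives its own FE_USER_AUTH cookie, while the cookie scoped to `.mysite.com` had been sent to every subdomain, including ones that never handled the login.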

  5. #5
    New user
    Join Date
    08-04-09.
    Posts
    18

    Re: FE_USER_AUTH cookie across subdomains

    OK, so I think I have found the best solution.

    Extend FrontendUser

    Code:
    class MyFrontendUser extends FrontendUser
    {	
    	/**
    	 * Set a cookie across subdomains if $strDomain isn't already set
    	 * (non-PHPdoc)
    	 * @see system/libraries/System::setCookie()
    	 */
    	protected function setCookie($strName, $varValue, $intExpires, $strPath='', $strDomain=null, $blnSecure=null)
    	{
    		$strDomain = (is_null($strDomain) ? ".mydomain.com" : $strDomain );
    		parent::setCookie($strName, $varValue, $intExpires, $strPath, $strDomain, $blnSecure);
    	}
    
    }
    However, there's a lot more to it than that. Because FrontendUser is initialised by the framework before I can instantiate MyFrontendUser. ....

    Wrote this far too late last night, maybe go back to the drawing board ;o)
