4

I have one Laravel app for three websites, which are listed in my .env file:

```
A_DOMAIN=example-A.com
B_DOMAIN=example-B.com
C_DOMAIN=example-C.com
```

My admin area is at example-A.com/admin. I now want the admin to be able to log in as a user on one of the other domains.

This is what I tried so far:

```php
public function login(User $user, $orga)
{
    // Logs the user in on the domain serving this request (example-A.com)
    \Auth::login($user);

    return redirect(env($orga . '_DOMAIN'));
}
```

The problem is that since the admin area is at example-A.com/admin, the call `\Auth::login($user);` will log the user in at example-A.com. This means that `login($user, 'B')` logs the user in at example-A.com and then redirects to example-B.com, where the user is not logged in.

My question: How can I log in the user for any of the other domains of my app? Or is it possible to log in a user at all 3 domains at the same time?

Adam

1 Answer

2

What is needed is a possibility to transfer a session between 2 different domains.

In order to achieve that, you need to do the following (this is one of the options):

  1. Create a method named setcookie on example-B.com and example-C.com, which can retrieve a token and write the user a session cookie.
  2. In the login method in example-A.com: use curl to log in to example-B.com. I assume you have login controllers on all 3 of your sites, and since the usage of curl is off topic, I'm not going to paste the code here; I'm sure you can handle that :)
  3. After a successful login, get the session cookie from example-B.com.
  4. Show the logged-in user an `<img>` like `<img src="http://example-B.com/setcookie?token=xxxx" style="display: none;" />` to write the session cookie to the admin user.
  5. Now the logged-in session has been transferred from curl to the user, and he can now access example-B.com as a logged-in user.

EDIT: Sorry, I don't use Laravel very often :( I use a framework called ThinkPHP. It's in fashion in China and the syntax is similar to Laravel. I hope I can help you.

For security reasons, you can't set cookies for other domains, but you can get to the other domain and set a cookie for the user.

step 1 code:

Add a new controller and write a function in it:

```php
public function setcookie($token = '') {
    // the $token here is the $_GET['token'] parameter filtered by the framework
    if (!empty($token) && strlen($token) > 0) { // check if the param is not empty...
        setcookie("PHPSESSID", $token, 0, '/', '', false, true); // this will set a cookie for anyone who visited this action
    }
}
```

So curl logged in the user and got a session id, then the dashboard page shows the user a hidden `<img src="setcookie?token=xxx">` to set a session cookie for the user with the session id curl got, and then the user can visit the other site as a logged-in user.

Zhwt
  • Thank you. But it's one Laravel app for all three domains. So on the server all three domains point to the same folder. I do not have 3 different Laravel apps. The only way I can distinguish in my app if I have to show content for `example-A.com` or `example-B.com` is by checking `Request::root()`. Therefore I am actually surprised that cookies on `example-A.com` do not work on `example-B.com`, because they are in the same app. – Adam Mar 03 '18 at 14:21
  • @Adam Updated my answer :) – Zhwt Mar 03 '18 at 14:51
  • @Adam you can see [this link](https://stackoverflow.com/questions/6761415/how-to-set-a-cookie-for-another-domain) for why you cannot set cookies between different domains – Zhwt Mar 03 '18 at 14:55
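
A hardened variant of the cross-domain handoff discussed in this thread, as an added example that is not code from the question or the answer: instead of carrying a raw session ID in a URL, the admin domain mints a signed, short-lived, single-use token that the target domain verifies before logging the user in. `HANDOFF_KEY`, the function names and the in-memory nonce store are assumptions made for illustration; plain PHP is used so the block runs outside Laravel.

```php
<?php
// Added example: signed, short-lived, single-use login handoff between domains.
// HANDOFF_KEY and the $usedNonces array are stand-ins (assumptions) for a real
// shared secret and a shared cache or database table.
const HANDOFF_KEY = 'constructed-demo-key-change-me';

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Runs on example-A.com/admin: mint a token bound to one user and one target host.
function issueHandoffToken(int $userId, string $targetHost, int $now, int $ttl = 30): string
{
    $payload = b64url(json_encode([
        'uid' => $userId,
        'aud' => $targetHost,
        'exp' => $now + $ttl,
        'jti' => bin2hex(random_bytes(16)),
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
}

// Runs on the target domain: returns the user id to log in, or null to reject.
function redeemHandoffToken(string $token, string $requestHost, int $now, array &$usedNonces): ?int
{
    [$payload, $sig] = array_pad(explode('.', $token, 2), 2, '');
    $expected = b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
    if (!hash_equals($expected, $sig)) {
        return null;                       // forged, altered or malformed
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || $claims['aud'] !== $requestHost || $claims['exp'] < $now) {
        return null;                       // minted for another domain, or expired
    }
    if (isset($usedNonces[$claims['jti']])) {
        return null;                       // replay of an already redeemed token
    }
    $usedNonces[$claims['jti']] = true;
    return (int) $claims['uid'];           // caller regenerates the session ID, then logs this user in
}

// Constructed demo values.
$used = [];
$t = issueHandoffToken(42, 'example-B.com', 1000);
var_dump(redeemHandoffToken($t, 'example-B.com', 1010, $used)); // first use
var_dump(redeemHandoffToken($t, 'example-B.com', 1010, $used)); // replay
var_dump(redeemHandoffToken($t, 'example-C.com', 1010, $used)); // wrong host
```

In the single-app setup described in the comments, the redeeming route would run under the target domain's own request, so the session cookie it sets belongs to that domain.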