handling language dependent domain names

Events happening in the community are now at Drupal community events on www.drupal.org.
joe.murray's picture
Posted by joe.murray on January 26, 2012 at 11:09pm

CIRA, the Canadian Internet Registration Authority, is moving to implement internationalized domain names that will support a few accented characters common in French.

We see more and more organizations that want to have their domain name reflect their organization name and brand as localized in various languages, such as xfoundation.ca and fondationx.ca.

Unfortunately, there is no good way currently so far as I know to share cookies across different domains such as this (unlike subdomains, per RFC 2109). As Drupal uses cookies for session information, there is no good way to implement a single sign on solution for mirrored sites in English and French, other languages elsewhere.

What is the current best practice for supporting the localization of domain names in Drupal 7? Are there any hacks to settings.php that can help, or is it necessary to use an external service for single sign on? What about iFrame ?

Categories: , , , , ,

Comments

From my experience the only

Posted by das-peter on January 27, 2012 at 8:40am
das-peter's picture

From my experience the only viable solution is to build some kind of single sign on service.
I didn't such a thing in Drupal yet but the basic architecture is the same.
Because of lack of time I don't draw a sequence diagram but try to describe what the sequence could look like:

  1. xfoundation.ca: User visits page, but doesn't have the cookie "sso" & the current session is invalid - user is redirected to fondationx.ca
  2. fondationx.ca: Checks if there's a valid session cookie
    1. If not - handle login, show form etc.
    2. If yes and or login was successful - register validation token (e.g. a table with the fields: token, sessionid)
    3. Redirect user back to xfoundation.ca - add the validation token as GET parameter to the redirect
  3. xfoundation.ca: If a validation token is present in the request...
    1. Check if the validation token is available
    2. Write the related sessionid into the session cookie.
    3. Set cookie "sso" to prevent unnecessary redirect

Done xfoundation.ca and fondationx.ca should now share the same session.
This scenario is just a quick shot, I've worked with similar systems and it's very important to cover every aspect/scenario - what this description definitely doesn't.
One thing to mention is, that the intial cookie checks / redirects should be done outside of Drupal.
I think it should be doable by apache or even varnish.
Bootstrapping Drupal for every of those redirects would unnecessarily slow down the whole process.
The other stuff should be doable with a module - hope to see such a module soon on d.o. ;)

Cheers
Peter

Cando Image GmbH
Else Züblinstrasse 115 :: CH-8404 Winterthur :: Switzerland

Here's an old module that

Posted by dalin on January 27, 2012 at 2:27pm
dalin's picture

Here's an old module that would do the trick:
http://drupal.org/project/multisite_login

--

Dave Hansen-Lange
Director of Technical Strategy, Advomatic.com
Pronouns: he/him/his

How much for a D7 release?

Posted by joe.murray on February 5, 2012 at 3:45am
joe.murray's picture

My client is likely to just live with separate logins for each tld in the short term though it means that users can't easily switch between languages. Dalin, I see you are the maintainer of multisite_login. Has consideration been given to a D7 release? On the off-chance my client would like to pay for the D6 -> D7 upgrade, what would you estimate the cost to be?

Joe Murray

Hi Joe, multisite_login has

Posted by dalin on February 6, 2012 at 4:05pm
dalin's picture

Hi Joe,
multisite_login has been unmaintained for a while now because we have no current clients that use it. Given my crazy personal life I don't have opportunity to maintain the module on my own time (freelance, or just for fun). So you are welcome to take over the module if you like. And unfortunately Advomatic doesn't do small one-offs like this. On the plus side, D7 should make things a lot easier due to sites.php (We'd no longer need to reverse engineer the domain from conf_dir()).

--

Dave Hansen-Lange
Director of Technical Strategy, Advomatic.com
Pronouns: he/him/his

What about this...

Posted by kristen pol on January 30, 2012 at 5:11am
kristen pol's picture

I haven't tried this method but maybe it will fit your needs:

http://www.lullabot.com/articles/drupal-single-sign-across-sub-domains

Kristen

This method is perfect. With

Posted by fastangel on January 30, 2012 at 6:58am
fastangel's picture

This method is perfect. With the cookie domain is no longer necessary modules or anything. Because you are sharing the session in both portals.

But this method only works

Posted by ordermind on February 1, 2012 at 11:26pm
ordermind's picture

But this method only works for subdomains and that solution is already known, the issue here is how to solve sso for multiple top domains.

For multiple domain you can

Posted by fastangel on February 2, 2012 at 7:07am
fastangel's picture

For multiple domain you can use this module http://drupal.org/project/sso

Ah, yes

Posted by kristen pol on February 2, 2012 at 8:13pm
kristen pol's picture

Good point... didn't catch that was only for subdomains.

Maybe someone will port the SSO module to D7.

Kristen

multisite_login seems more

Posted by joe.murray on February 5, 2012 at 3:47am
joe.murray's picture

multisite_login seems more mature than sso, but neither have a D7 release.

Joe Murray

AI/Drupal Toronto

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week

See all hot content.