Hi, I need to be logged in multiple sites on the same domain after logging to master website. I have two websites - domain.com and child.domain.com. When I logged in to master website - domain.com - I have to be automatically logged in to child website on the same subdomain, so that I can switch to it in a browser.
Note: any existing public solutions for multisite functionality do not fit, since I have to be logged in to child websites only If I logged to master. Not backwards.
Settings:
*Site is on Drupal 7. Single code base.
*I've setuped Services 3 using Rest.
*End point setup: Authentication - Session authentication checked.
*On both sites in settings.php $cookie_domain = '.domain.com';
*Different databases for each domain on the the server.
I created a module and hooked a hook_user_login in a way that every time user logs in to master website - domain.com, using CURL i automatically send a login request to child server.
/**
* Implementation of hook_user_login.
*/
function user_agf_login_user_login(){
$url = "child.domain.com/api_shell/dev/user/login.json";
$request = array('username' => $username, 'password' => $password);
$answer = array();
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($request));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_TIMEOUT, 270);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$answer = curl_exec($ch);
if ($answer === FALSE) {
throw new Exception("Connection failed, url " . $url, 3);
}
curl_close($ch);
$usr = json_decode($answer);
}I am able to receive a session name and session id and all other information about user. After that when I open a tab in the same browser OR do automated redirect, I am not logged in to the child website. I think I need to set cookie somehow to a browser.
I tried to set additional options to CURL
curl_setopt($curl, CURLOPT_COOKIE, $session_cookie);
where session_cookie is sesion_name()=session_id(); But it did not work.
How can I do it in this case?
Please advise. Maybe the approach is wrong?
Just in case I attach phpinfo screen shot.
| Attachment | Size |
|---|---|
| phpinfo-sessions section.png | 42.5 KB |
Comments
Any suggestions? It is still
Any suggestions? It is still relevant
couple thoughts
At a cursory glance, it seems that the master site is authenticating to the child site (e.g. server to server communications) but perhaps it isn't going to work from the browser if the child session cookie isn't being set/sent to the browser...? Or you may have a collision in the session cookie -- I would expect strange behavior attempting to set two session id's for the same '.domain.com' into cookie storage (probably want to try setting session cookies with unique domain values for each of the master and child in such a case).
Might be better to take the master session id and sync it to the child site, so the initial session cookie works for both. Off the top of my head, I'm not sure how to do that tho (see bakery suggestion below). The drupal_session_* (api) functions might provide some clues on how drupal handles the primary session.
Alternatively, have you considered the bakery module? It may serve your purpose; if it doesn't match your use case precisely enough, the bakery code should serve as a great reference point to achieve your custom implementation.
--
matt j. sorenson, g.d.o., d.o.