Good day. Is simultaneous authorization possible on the main domain and its mirror? If so, how? It is desirable to work with cookies, rather than with the sessions. But as I understand it, cookies are written only for one domain.
|
2 answers
Copy Yandex Solution
In Yandex, all login forms are tracked to one point ( passport.yandex.ru ) and passed along with the login and password to the return URL. The passport climbs into the database, checks the validity of the password and, if everything is ok, it shows the user a page with invisible pictures for a short time, which are loaded from all domains where authorization is needed. everything is very tricky in terms of security, tokens and all that, but these are details. in short, the user's browser sends requests for these pictures, and for these requests, the actual authorization takes place. after all the pictures are loaded, the user redirects back to where he came from. not very elegant, for my taste, scheme, but, apparently, does not exist better.
Andrey Surzhikov Andrey Surzhikov
314 3 eleven
|
You can make an iframe, i.e. for example, on site1.ru, when a user clicks on a button, he logs in, and an invisible iframe appears with authorization on site2.ru/auth.php?login=test&pass=7624 or not iframe, but simply count site2.ru/auth.php?login=test&pass=7624 via file_get_contents , i.e .:
<?php //.... авторизация, если всё введено верно, а также file_get_contents("http://site2.ru/auth.php?login=".$login."&pass=".$pass); ?> 
Nicolas Chabanovsky ♦
38.2k 54 220 437
iproger iproger
2.871 2 27 70
|