Level 75
@piljac1 Just login with remember and it will work.
https://laravel.com/docs/7.x/authentication#remembering-users
May 6, 2020
8
Level 28
Programmatically login on subdomain without sharing the session
As some of you may already know, the session is different from subdomains to subdomains and it is also possible to share the same session between all subdomains via the domain session config.
However, I encountered a specific use case today. I need to have two different sessions (frontend domain / admin domain), but I need to be able to programmatically login an authenticated admin domain user to the frontend domain when clicking on a link that redirects to the frontend domain. Both subdomains share the same users table.
I haven't found a simple, clean and straight forward solution to this issue, so I need your expertise on this one !
Thanks in advance,
- Jacob
Level 28
How would that solve my problem ? Explain please :)
Level 75
That, what I know it's not possible what you want.
Level 28
That's what I thought, but I'll leave the thread open to see if somebody out there has an enlightening idea.
For now, we brainstormed and decided to go with a short expiry signed route which injects a session variable to the frontend domain. It's not logging in the backend user in the frontend, but it works for our specific use case.
I would have however preferred a possible login solution, so we'll see what happens with this thread :P
Level 5
The cookie is by default using the APP_NAME or config(app.name,"Laravel") You could do a dynamic change on the cookie name generation per domain.
default: laravel_session_hash or yourAppName_session_hash
I used (sub)domain_session_hash and works just fine
Simply checking the Request->getHost() and change the cookie name in the config repo in a service provider or middleware that fires before 'web'.
1 like
Level 122
Could you set the cookie domain to the parent domain? When the back end user logs in, give them a separate cookie which represents them in the backend.
When a user tries to access content for which they must be authenticated, the auth middleware runs.
You could adapt this to see if the user presented this backend cookie. If so, check their id and if ok, log them in.
You will need to ensure you set the app name so that session cookies are not confused.
Also watch mohammed said video regarding multi tenancy because a front end user could change the domain on their session cookie to gain access to the backend
1 like
Level 5
I have to add that I also changed the token part of cookie naming which is hardcoded to self::static in laravel. Not sure if you can change a cookie though as Laravel invalidates tampered with cookies. Although changing to a valid value may work lol.
1 like
Level 28
Please or to participate in this conversation.