Siteaccess, domain names and login

Author Message

Maxime Thomas

Monday 31 August 2009 2:36:06 am

Hi,

I've got an issue for one of my project and maybe someone could help.

The website has several domain names but one siteaccess.

We have made a SSO handler to manage the automatic connexion.

Strangely, when are doing a redirection between two websites in a PHP custom module, we have a redirection loop only under IE. It seems to be linked to cookies. Under FF, there's no problem and redirection are well done.

As far as I know, the eZSession is creating a cookie for each domain name while we are expecting just one. So we have three cookies for the three domain names. I guess that the SSO Handler is called only when we have an anonymous user.

Is there a special way to make SSO Handler declaring only one cookie ?

Any suggestion is welcome !

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

André R.

Monday 31 August 2009 3:17:03 am

"I guess that the SSO Handler is called only when we have an anonymous user."
yes.

"As far as I know, the eZSession is creating a cookie for each domain name while we are expecting just one."
PHP is controlling this, so you can't do anything about it unless they are all subdomains of one base domain.
Try the redirect loop SSO stuff in ezvlogin extension, it loops over all the domains on login and logs the user in on all sites. So the user has a uniqe session on all domains as one would expect.

[0] http://projects.ez.no/ezvlogin
[1] (RedirectList) http://svn.projects.ez.no/ezvlogin/trunk/ezvlogin/settings/vlogin.ini.append.php

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Maxime Thomas

Monday 31 August 2009 6:44:55 am

Thank you Andre, it does the trick.

However, we still have an issue on the session side. We set some data in the $_SESSION value before login in and after those data has disappeared.
Any idea ?

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

André R.

Monday 31 August 2009 8:18:46 am

The data will not be shared as they have different sessions on all sites, you can however use ezpreference. If your talking about loosing session data on login on the same server, then your probably on 4.1.0? (known issue there)

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Maxime Thomas

Monday 31 August 2009 9:08:40 am

Yes this is our version.
Does a patch exist ? Do you know where I can fix that ?
Is there a "better" solution than using the ezpreference ?

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

André R.

Tuesday 01 September 2009 12:44:30 am

Yes, just download updated version of ezsession.php (Only needed for 4.1.0!):
http://pubsvn.ez.no/nextgen/stable/4.1/lib/ezutils/classes/ezsession.php

But, there are plenty of things fixed in 4.1.1 and 4.1.2 (and a 4.1.2 regression in 4.1.3), so you really should update. And remember, it's just a matter of updating the files, run the sql updates and clear some cache. It's not like 4.0.1 / 4.0.2 update unfortunately was.

ezpreferences are user centric instead of session centric, so better for your scenario maybe. But I don't know what your using it for, as I have a hard time understanding what you need to share between the sites that you choose to use session for:)

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Maxime Thomas

Tuesday 01 September 2009 1:34:39 am

Actually, we are in eZ 4.1.3. :-/
The point is that we are doing things in a website, we redirect to another website and then we comeback to continue the stuff we were doing :

www.site1.com/module/action --> www.site2.com/other_module/other_action --> www.site1.com/module/action

At step 1, we got some data in a session varaible ($_SESSION['mydata']), but at step3, those data has disappered. Our investigation leads us to the conclusion that eZPublish makes a kinf of reset for the session.

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

Lazaro Ferreira

Tuesday 01 September 2009 1:44:57 am

Hi,

It looks like you are trying to implement a web service, Have you looked at ezpublish REST extension, to implement this ?

Lazaro
http://www.mzbusiness.com

Maxime Thomas

Tuesday 01 September 2009 2:37:04 am

Not exactly.
We want to redirect to another website that is centralizing susbscriptions.
But when we come back from this website, the session is "cleaned".

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

Maxime Thomas

Wednesday 02 September 2009 2:15:00 am

I finally found a wild redirection...
Thanx for your participation.

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.