Web Connection
Switching subdomains and keeping session
Switching subdomains and keeping session
  Phil Sherwood
  All
  Jul 28, 2017 @ 07:24am

I'm working on an app that lets the user sign up and during signup they can choose a subdomain to use for their login.

When the signup is complete, I'd like to keep them signed in, but switch to their subdomain. In the process, the session is getting cleared. I assume that's because the URL is changing.

My thinking is to save the session id in the user record and then reconnect it once the domain changes. Is this the best way to handle this?

Anyone else had to handle this situation?

Thanks in advance,

-Phil

re: Switching subdomains and keeping session
  Phil Sherwood
  Phil Sherwood
  Jul 28, 2017 @ 08:20am

I decided to just display the login page and let them log in after they've signed up. That takes care of this problem.

Still curious how you could handle this scenario. I've seen other sites do this when I sign up. Might come in handy some day.

-Phil

re: Switching subdomains and keeping session
  Rick Strahl
  Phil Sherwood
  Jul 28, 2017 @ 09:44am

I don't think there's a way to create a cookie that works across domains. The way that's typically handled is via central authentication (single sign on) using an external provider, but even then you essentially still have to re-authenticate but it can be handled automatically as the central auth still is active (i.e. you're still logged in to Google/Github/Twitter/Facebook etc.).

For standard simple local auth there's no way to do that however and re-login is a common way to do that. Most sites that issue UID/PWD will make you log in immediately with your new credentials to verify that you got them (and usually force you to validate via a confirmation email and custom link).

+++ Rick ---

re: Switching subdomains and keeping session
  Phil Sherwood
  Rick Strahl
  Jul 31, 2017 @ 06:09am

Thanks for the reply Rick.

I decided that sending them to the login page was the correct way to go for now. I'll probably implement the activation link and won't let them do anything once they log in until they've activated their account.

-Phil
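One way to handle the signup-to-subdomain switch asked about in this thread, shown as an added example that is not code from any poster or from Web Connection: instead of carrying the session id across hosts, the signup host puts a short-lived, single-use signed token in the redirect, and the subdomain redeems it and starts a fresh session of its own. The function names, the `|`-delimited token layout, the 60-second lifetime and the in-memory nonce set are assumptions made for illustration, and the hosts in the usage are constructed.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: one server-side key known to every host
TTL = 60                          # seconds a handoff token stays valid
_used = set()                     # assumption: stands in for a shared store of spent nonces

def _sign(msg: bytes) -> bytes:
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()

def issue_handoff(user_id: str, target_host: str, now=None) -> str:
    """Signup host: build the token placed in the redirect to the subdomain.
    Assumes user_id contains no '|' character."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    payload = f"{user_id}|{target_host.lower()}|{now + TTL}|{nonce}"
    return f"{payload}|{_sign(payload.encode()).decode()}"

def redeem_handoff(token: str, request_host: str, now=None):
    """Subdomain: return the user id or None. On success the caller creates
    a NEW session and cookie for this host; the old session id never travels."""
    now = int(time.time() if now is None else now)
    try:
        payload, sig = token.rsplit("|", 1)
        user_id, host, expires, nonce = payload.split("|")
        expires = int(expires)
    except ValueError:
        return None  # malformed token
    if not hmac.compare_digest(sig.encode(), _sign(payload.encode())):
        return None  # forged or altered
    if host != request_host.lower():
        return None  # minted for a different subdomain
    if now > expires or nonce in _used:
        return None  # expired or already redeemed
    _used.add(nonce)
    return user_id

if __name__ == "__main__":
    t = issue_handoff("42", "acme.example.test")
    print(redeem_handoff(t, "acme.example.test"))  # first use succeeds
    print(redeem_handoff(t, "acme.example.test"))  # replay is rejected
```

Because the token appears in a URL, it can end up in logs and browser history; the short lifetime, host binding and single-use check are what keep a leaked copy from being useful.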
