$u_email = $_SESSION['user_email'];
setcookie('user_email',$u_email,time() + (86400));
echo ($_COOKIE['user_email']);
We have a website (
www.xyz.com) and mybb forum (
www.community.xyz.com)
Both have different database table and different structure. But I am thinking that it would be possible to do SSO using their email with cookie.
I have set cookie for user's email on our main site (see code above). So when they logged in on our main website the cookie will get the user's email. Now, when they visit the forum they should automatically logged in when the user's email is also existing to forum's database.
Where do i find the function/ code to let the user logged in (forced login) on the forum?
This is not a secure procedure.
What about if I create my own cookie on your site with another email, maybe of an administrator? You login me as admin?
It's better to get the user ID from the cookie mybbuser ( struture of cookie: uid_token ) on your website and not vice versa. With the ID, in your website you can get user email.
(2016-03-15, 08:30 AM)grork Wrote: [ -> ]This is not a secure procedure.
What about if I create my own cookie on your site with another email, maybe of an administrator? You login me as admin?
It's better to get the user ID from the cookie mybbuser ( struture of cookie: uid_token ) on your website and not vice versa. With the ID, in your website you can get user email.
Good point. Thank you, by the way I am new to this. And I want to learn more about using cookie and then use them to make an SSO login to our website as well as to the forum. Do you have any more idea in implementing this?
That was my idea.
In your webiste you'll check if user is logged in checking if the cookie mybbuser exists and getting user info by the id in the cookie value.