Fork me on GitHub
Current releases are 2.1.3 (9 Sept 2014) and 2.0.18.13 (5 Aug 2014)

Ready for 2.1? Find out if your favorite plugins are compatible. The 2.0 branch will no longer receive updates after Dec 2014.

ProxyConnect doesn't request authenticate url when we type the vanilla url in the browser

edited May 2011 in Vanilla 2.0 Help
I have implemented SSO between my rails app and vanilla using ProxyConnect. The issue is that when I log into my rails app and then open vanilla in another tab (or in the same tab) it doesn't access the authenticate url, but when I explicitly click the sign in button it accesses the authenticate url (I can see it in the logs) and the user is shown as logged in.
Is there some kind of caching in place that I need to turn off so that it calls the authenticate url whenever vanilla is accessed and login cookie is not set.

On a side note: Can we somehow turn off the username requirement for vanilla. I had to implement a separate flow and take username when user tries to access vanilla for the first time. Why can't we use email as the username? These days people hate filling forms...smaller the better.
Tagged:

Comments

  • edited May 2011
    I'm having the same issue on PHP:
    browsers: Chrome & Firefox
    PHP version: PHP 5.3.3-7+squeeze1 with Suhosin-Patch
    Vanilla: 2.0.17.10
    ProxyConnect: 1.9.3

    Actually, I don't ever see any Vanilla forum page making requests to access the authenticate url, doesn't matter if user is logged into our main site or not. (using firebug to view the network requests).

    I've seen other threads about this. We are basically going to try to fix it ourselves. If there's a patch out there or if someone can indicate if it's fixed in the 2.0.18 beta that would save us alot of time!!!

    Peter
  • TimTim Lord of Servers Vanilla Staff
    I have implemented SSO between my rails app and vanilla using ProxyConnect. The issue is that when I log into my rails app and then open vanilla in another tab (or in the same tab) it doesn't access the authenticate url, but when I explicitly click the sign in button it accesses the authenticate url (I can see it in the logs) and the user is shown as logged in.
    Is there some kind of caching in place that I need to turn off so that it calls the authenticate url whenever vanilla is accessed and login cookie is not set.

    On a side note: Can we somehow turn off the username requirement for vanilla. I had to implement a separate flow and take username when user tries to access vanilla for the first time. Why can't we use email as the username? These days people hate filling forms...smaller the better.
    ProxyConnect will try once to automatically sign-in a cookie-less user, but will set a cookie userID of -1 if it fails. Subsequent page requests will not attempt to ping the authenticate URL.

    On a busy site with many guests, this is the desired behavior, and is required in order to prevent self-DOS. Think about it ;)

    You could hack it to not do this, but I don't recommend it. Nor do I have time to figure out how.

    Vanilla Forums Senior Developer [GitHub, Twitter, About.me]

  • Thanks Tim, I have it working now. The reason you described above makes sense, and I was having problems probably because I had played around with the cookie of my main site and it was failing for the first time. Still not sure about the reason, but the good thing is that it works now :)
Sign In or Register to comment.