
jsconnect SSO on different sites

I need to implement an SSO solution with my site and my vanilla forums, but they reside on different servers and different domains, so I cannot use cookies to track session/auth info. The way I'm planning on handling this is once the user is logged into my site, they will click on the forums link and it will send them to vanilla forums with an additional parameter that contains the session info token (encoded of course). Then, when they get there, jsconnect makes its ajax call to my auth page, and I'm going to have it pass the session token along with the usual client_id, timestamp, and all that jazz so then my auth page only needs to check that session token to verify that the user is logged in.

My question is: Does this sound like a reasonable solution? Based on what I have seen, it is not an easy task to add info to the SSO ajax call to the json auth page.
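
An added example, not part of the original post and not jsConnect's own code: if a token is handed across domains in a link as described above, the auth page should accept it only when it is authenticated and short-lived, because encoding alone does not stop forgery and URL parameters end up in logs, history and Referer headers. The key, the 60-second lifetime and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: a secret known only to the main site and its auth page (constructed value).
HANDOFF_KEY = b"constructed-demo-key-change-me"
MAX_AGE_SECONDS = 60  # the token only has to survive one redirect


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Main site: mint a short-lived token to append to the forum link."""
    issued = int(now if now is not None else time.time())
    body = json.dumps({"uid": user_id, "iat": issued}).encode()
    tag = hmac.new(HANDOFF_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Auth page: return the user id, or None if malformed, forged or expired."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = _unb64(body_part), _unb64(tag_part)
    except ValueError:  # wrong number of parts or bad base64
        return None
    expected = hmac.new(HANDOFF_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(body)  # parsed only after the MAC has been checked
    age = (now if now is not None else time.time()) - claims["iat"]
    if age < 0 or age > MAX_AGE_SECONDS:
        return None
    return claims["uid"]
```

A production version would also record each accepted token and reject repeats, so a token copied from a log cannot be replayed inside its lifetime.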

Comments


    It seems to be an issue with cookies. The auth page should have been getting the cookie and it wasn't. Problem resolved.
