Joomla login subdomains

[jjreicher]

I have a few subdomains on my website that point to the main page (subdomain.mysite.com points to mysite.com). I would like to set it up so that users can specify a subdomain for themselves that would result in the following:
1) User goes to mysite.com
2) User logs in
3) User is redirected to subdomain.mysite.com, where the subdomain is specified in the user's cb profile. User remains logged in.

Currently, redirects to the subdomain seem to "cancel" the logging-in procedure.

Ideas?

[jjreicher]

After further research, I think I can simplify my question.

Is there a way to login on Joomla across subdomains?
I need someone who logs in at example.com to be logged in for all subdomains.example.com also, automatically.

[ranwilli]

Some of the extensions shown here can accomplish that (or something like it):


Multi Site Extensions

Good Luck!

[jjreicher]

After an exhaustive search and a lot of trial and error, I found the line of code that needed editing.

Login session handling for joomla is in the joomla.php file in the includes folder. Around line 900, look for

return md5( 'site' . $mainframe->getCfg( 'live_site' ) );

Comment this line out and replace it with:
return md5( '.example.com' );

The actual text is irrelevant, so you can actually use .example.com if you like.

Doing this changes the session name so that it is not variable across your subdomains. Now if you login at example.com or any of the subdomains, you are logged in across the entire site. Tada!

[jjreicher]

Well I've spoken too soon....sort of. Turns out this solution works in IE, but not in firefox. Anyone know about differences between the way cookies are handled in IE vs firefox?

[leolam]

You cannot do this. You need a plugin that handles it. Multiple reasons and the issue is not cookie related but no use to explain here. Visit the site of elearningforce.biz and find single login and more

cheers
Leo

[jjreicher]

Solved again!

My previously described fix (editing joomla.php to change the session name) works only in IE.

Another fix, editing joomla.php around line 697 and again around 715 so that the setcookie lines become:

setcookie( $sessionCookieName, '-', false, '/' , '.example.com' );
setcookie( $sessionCookieName, $session->getCookie(), false, '/' , '.example.com' );

Note the period before the example.com, that's the key.
This fix works ONLY in firefox. Does nothing for IE, as far as I could tell.

So do both, and you're off and running.

[leolam]

have you tried to return to your page from where you logged in with a link? (not talking "back" button in your browser) could become cloudy on your smile

Also checked if this works in IE6 (bet it won't) FF2 and FF3? Checked if this works in Mozilla and Opera and on a Mac? etc etc etc? The world is little bigger than FF3.x and IE7...

Next question: IE8 beta tested? so I can go on for some hours? Again it is a personal "fix" which I wont describe as such to be honest since it is not cross browser compatible and won't stand any core upgrades since you have to redo it again..

Have you tested in/with latest CB release? (supporters only!)

[jjreicher]

i'm no expert on this stuff, but i kinda think it will work--cookies only have a few variables and i've basically set them.

works in ie7, ff3, ie6. i'd like to test it further, but i'm still new at this and don't have a good way of doing it. do you have a good way to test older version of ie, ff, safari?

thanks for the input.

[jjreicher]

For anybody interested in this issue in the future, the changes seem to reflect perfectly in IE5.5, IE6, IE7, FF3, Safari3, and Opera. I have not tested it further, but would expect it to work in FF2--and this would then cover more than 99% of internet users.

[mywebedu]

Can you please help me.

I am also in similar situation but using Joomla 1.0.15.
I tried to follow the above steps but nothing happens.... :-(

*** I am using CB 1.2. (Forgot to mention )

Regards
Shyam

[jjreicher]

Did you edit the "return md5" piece and the "setcookie" lines? Have you tried seeing if your edits worked in various browsers?

I may not be able to help, but I can say a couple things. First off, whether this exact fix works will depend a lot on what exactly you are trying to do. My version should work for sites with a single database where login info and session info are stored. This does not mean it can't be generalized for more complex uses (like multiple DBs), but that will likely require further work.

There are two important places where session/cookie information is stored: on the user's computer and in the website's database. My changes essentially made it so that cookie information written in both places calls the domain ".example.com," while many other fixes only deal with one location (just on the user's computer). To see if it's working as you expect, you can check 1) your site's database while you are logged-in, in the sessions table and 2) your browser's cookies (easiest to see in FF) to see if they are generalized to your main domain.

[mywebedu]

I am in love with joomla .....

thanx jjreicher .. for such a nice post ....
I am done with my configuration ...... and its working ......

thnx a lot ..

regards
shyam

[mywebedu]

I am not stucked in my admin issue ....
I am not able to login into my admin panel ....

regards
shyam

[mywebedu]

cleared ... just done the smae changes to administrator/index.php and index2.php

[jjreicher]

Sounds like everything is working, glad I could be of some help. If you had to make any other changes, it'd be good to post them and/or the issues you faced here as many are trying to resolve similar problems.

[mywebedu]

1-2-3 to enable multi sub-domain login functionality :
1. The sub-sites must be in same database with separate table prefix
2. find the setCookie function in all files.... set the domain for cookie to be '.mydomain.com', starting '.' is a must, to work with and without www.

Code: Select all

setcookie( $sessionCookieName, '-', false, '/' , '.example.com' );
  setcookie( $sessionCookieName, $session->getCookie(), false, '/' , '.example.com' );

3. replace session name to the same '.mydomain.com', search for MD5('site'. mosconfig_live_site); change it to

Code: Select all

return md5( 'site' . $mainframe->getCfg( 'live_site' ) );
Comment this line out and replace it with:
return md5( '.example.com' );

4. search #__session in your code and replace with the --> XXXsession , where XXX is the prefix of main website, where user will login, this will enable you to store the session in same database tables.
5. 2,3 steps allow to set cookie properly, 4 step allow you to save session in common table.
6. do these step throughout the joomla code.

dats all.....

IMP : Can anybody tell us the security risk associated with this approach.

regards

[gdog]

Is there any advice for accomplishing this for Joomla1.5.6?

It appears these instructions are for 1.0.x.

Thanks.

[jjreicher]

I do not have experience with J1.5, but I am confident that there is a way to do it anyways. The question what exactly "it" is. What specifically are you trying to accomplish?

The methods listed above are meant for single-database multi-subdomain, though similar changes could potentially work across multiple DB's. See http://forum.joomla.org/viewtopic.php?f=126&t=20323 for some more information also.

The main goal is to edit how Joomla! sets cookies so that the cookies are no longer subdomain-specific. In standard Joomla they are set, either via cookie name or cookie id, to work only for one subdomain, which has certain advantages.

[gdog]

Would like to have the joomla user session function across subdomains such as http://www.domain.com, user1.domain.com so that I can use the subdomain as a variable to present different information for different community users. Certain users will have a subdomain, but the general user may switch between bob.domain.com and sally.domain.com and I do not want them logged out on the switch. It is one joomla installation and database but can be accessed via any subdomain.

I cannot find where the changes need to be made in 1.5.6 with community builder 1.1 to change the cookie Host to .domain.com without the subdomain. Right now it is setting with bob.domain.com as the host.

[jjreicher]

Alrighty. The good news is that this has been accomplished exactly as you describe in J1.0. The bad news is that I haven't seen posts of someone doing the same thing in J1.5 yet, although one person asked about it in the other related forum about joomla sessions. Did you take a look through the link I listed in my last post? Basically you need to find where in J1.5 Joomla is setting cookies--probably through the setcookie() function in some file akin to joomla.php in J1.0. What I do is use Agent Ransack, a freeware that can search text within files, and I search my entire website folder for the word "setcookie." Can you locate it? If so, what file is it in? What are the variables being used in the setcookie, and how many different places is it called? I'm sure there's a way to fiddle with the function and get things working.

[gdog]

I tried locating setcookie but could not seem to track down a fix that way.

For me what worked was modifying function_start() in joomla 1.5.6 /libraries/joomla/session/session.php

At line 411 I changed
session_cache_limiter('none');
session_start();

to
ini_set('session.cookie_domain', '.putyourdomainhere.com');
session_cache_limiter('none');
session_start();

Hopefully this saves someone else the time I wasted today.

[jjreicher]

Thanks very much for posting the precise solution. Hopefully people will be able to get this working on both Joomla versions now!

[mywebedu]

If any one using it in 1.0.15 then you can get into trouble ..... whenever you use some editor in frontend ...
all uses cookie and sessions and ... dats terrible when nothing happens on submit button ....

looking for solution ...

will update all ASAP

[Ricu]

I tried locating setcookie but could not seem to track down a fix that way.

For me what worked was modifying function_start() in joomla 1.5.6 /libraries/joomla/session/session.php

At line 411 I changed
session_cache_limiter('none');
session_start();

to
ini_set('session.cookie_domain', '.putyourdomainhere.com');
session_cache_limiter('none');
session_start();

Hopefully this saves someone else the time I wasted today.

Bumping the topic for a question but first i'd like to thank you for this quick solution of session sharing,

The question is how to logout from all the subdomains , becasue when i logout of xxx.domaina.com and go to zzz.domain.com im still logged in , and when i go back to xxx.domain.com im logged in back there to.

Posible solution ?

[gdog]

I do not know exactly, but you could try looking for a session_destroy(); and precede it with the
ini_set('session.cookie_domain', '.putyourdomainhere.com');

Only a guess.

[Ricu]

Yup, worked like a charm,
i've tryed it myself before but ive set the ini_set(); above the session_unset...

if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}

session_unset();
session_destroy();

i've set it between the two and it works.

Thank's a zilion ;-)

[Ricu]

Well , it kinda workes so it seems ,

When i login at domain.com i am logged in at all subdomain xyz.domain.com
when i logout at domain.com i am logged out of all subdomains xyz.domain.com

but now when i login at zzz.domain.com i am logged in everywhere
but when i try to log out of domain.com after i've logged in at zzz.domain.com it loggs me out but only until i visit zzz.domain.com , i;m still logged in there as it seems , and after that if i return to domain.com im logged in there to.

[recraig2]

Has anyone worked this out for Joomla 1.5? I've been searching for this sort of solution since February 2009.

[CoeyCoey]

Me too. Still trying to find a solution for this. None of those mentioned work on Joomla 1.5.12