#1
  1. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,103
    Rep Power
    220

    Same site different url based on user category.


    Hello;

    I want users with category X in db to see the exact website but under another url.

    Let me explain quickly:

    Those accounts where user category is X, use the app.siteB.com url instead of the app.siteA.com url

    Basically exact same site under another URL. So everything they see is the same but the URL

    So all the system urls would be the same.

    The websites are EXACTLY the same and when I make changes to app.siteA.com I want app.siteB.com to see the same changes as well.

    How can I do this?

    Thank you
  2. #2
  3. Forgotten Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,209
    Rep Power
    9644
    Make both sites point to the same vhost on the same server, and have the vhost support both domains.

    In code, use HTTP_HOST to block users from logging into the wrong site. In case they do manage to log in (eg, copying a session ID) check on page loads and serve a 403/404 in case of a mismatch - which you can do by simply storing the correct HTTP_HOST value in the session and comparing it to the current value.
  4. #3
  5. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,103
    Rep Power
    220
    Originally Posted by requinix
    Make both sites point to the same vhost on the same server, and have the vhost support both domains.

    In code, use HTTP_HOST to block users from logging into the wrong site. In case they do manage to log in (eg, copying a session ID) check on page loads and serve a 403/404 in case of a mismatch - which you can do by simply storing the correct HTTP_HOST value in the session and comparing it to the current value.
    I thought the easiest way would be to get both sites to show the same site (point to the same host as you said). Then inside the application when they log in, I check the "account category" and the current URL, if the category is X, then we redirect to siteA.

    That way I don't need to mess with sessions.

    Do you see anything wrong with that?
  6. #4
  7. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,741
    Rep Power
    4536
    How does a user stay logged in (authenticated) if you're not already messing with sessions?

    If I go to SiteA.com, log in and your script sees I'm a SiteB.com user, how do you propose to redirect me to a new domain and still keep me logged in? Any session or cookie you set on SiteA will not be available on SiteB.

    If by redirect, you mean send me to the SiteB login page, then that's fine. I would suggest showing an error message and link instead, though. "You do not appear to have an account on this domain. Perhaps you meant to log in here: siteB.com"
    -- Cigars, whiskey and wild, wild women. --
  8. #5
  9. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,036
    Rep Power
    4101
    Originally Posted by Sepodati
    If I go to SiteA.com, log in and your script sees I'm a SiteB.com user, how do you propose to redirect me to a new domain and still keep me logged in? Any session or cookie you set on SiteA will not be available on SiteB.
    If the sites share the same backend resources (database, cache, disk, etc) you could create an auto-login system for each site and use that when redirecting to prevent users having to login twice if they go to the wrong site. I did this years ago when integrating separate PHP and ASP.NET websites that shared a database but did different things.

    - User logs into siteA.
    - SiteA sees it's a SiteB user.
    - Generate a random token used to identify the user and store it.
    - Redirect to SiteB with the token, eg app.siteB.com/login?asdftokenasdf
    - Pull the token from the URL and lookup the user using it.
    - Initialize the user's new session with them already logged in.

    The token needs to be purely random and should be time limited. Since the whole process shouldn't take more than a few seconds I'd time limit it to a minute or two probably, and once used it should be deleted/invalidated.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  10. #6
  11. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,103
    Rep Power
    220
    Originally Posted by kicken
    If the sites share the same backend resources (database, cache, disk, etc) you could create an auto-login system for each site and use that when redirecting to prevent users having to login twice if they go to the wrong site. I did this years ago when integrating separate PHP and ASP.NET websites that shared a database but did different things.

    - User logs into siteA.
    - SiteA sees it's a SiteB user.
    - Generate a random token used to identify the user and store it.
    - Redirect to SiteB with the token, eg app.siteB.com/login?asdftokenasdf
    - Pull the token from the URL and lookup the user using it.
    - Initialize the user's new session with them already logged in.

    The token needs to be purely random and should be time limited. Since the whole process shouldn't take more than a few seconds I'd time limit it to a minute or two probably, and once used it should be deleted/invalidated.


    Thanks I think this is what I was trying to say
  12. #7
  13. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,741
    Rep Power
    4536
    Originally Posted by kicken
    If the sites share the same backend resources (database, cache, disk, etc) you could create an auto-login system for each site and use that when redirecting to prevent users having to login twice if they go to the wrong site. I did this years ago when integrating separate PHP and ASP.NET websites that shared a database but did different things.

    - User logs into siteA.
    - SiteA sees it's a SiteB user.
    - Generate a random token used to identify the user and store it.
    - Redirect to SiteB with the token, eg app.siteB.com/login?asdftokenasdf
    - Pull the token from the URL and lookup the user using it.
    - Initialize the user's new session with them already logged in.

    The token needs to be purely random and should be time limited. Since the whole process shouldn't take more than a few seconds I'd time limit it to a minute or two probably, and once used it should be deleted/invalidated.
    So long as the user is notified of what's going on, that's a good method. Have fun writing it for EBT.
    -- Cigars, whiskey and wild, wild women. --

IMN logo majestic logo threadwatch logo seochat tools logo