Allowing member access to multiple contexts

73 Posts

keiron77 Reply #1, 11 years, 2 months ago

I have 3 websites (each with it's own domain name) built into one MODx Revo (2.2.5) which are for members only, each requiring a login on the homepage. What I need to do is allow Member A to login to Website A but jump to Website B without having to login again (if they are a member of Website B).

Some users will only access one site, others could be multiple.

Things I have thought that I might need to do:

Share php sessions - not possible (I don't think);
Share cookies - not possible on different domains;
Add a link between sites which would allow an encrypted string to be passed, which once decrypted would allow the user in;
Use the modx_sessions table - not sure how this could work, if possible;

Any ideas?

☆ A M B ☆
2,475 Posts

Everett Reply #2, 11 years, 2 months ago

I don't think you need to do any of those things -- you should be able to edit the permissions for the User Group and grant access to multiple contexts. Go to Security --> Access Controls and right-click the User Group you set up to establish logins to the front-end of the site. Then on the "Context Access" tab, add the other context(s) with the "Load, List, and View" access policy.

Keep in mind that this solution would apply for all users in that User Group. If you need more granular control, you might need to create a few new rules for the existing User Group as to which Resource Groups it has access to, or you can leverage Roles somehow, or you could create a new "cross-context" user group.

Hosting stuff: http://fireproofsocks.com/
Coding stuff: http://craftsmancoding.com/
Blog stuff: http://tipsfor.us/

73 Posts

keiron77 Reply #3, 11 years, 2 months ago

OK... (slightly puzzled how this would work)

How does Website B know who I am when I get there from Website A? Surely I would need to pass something for it to know who I am?

☆ A M B ☆
2,475 Posts

Everett Reply #4, 11 years, 2 months ago

I should clarify: when you say you have 3 websites running on a single MODx instance, did you accomplish this by adding 2 additional contexts to the default "web" context? If so, then MODx will track the login info for you -- PHP already knows your session ID to identify your user, so beyond that, it's just a matter of checking to see which permissions a user has. If you log into a "cross-context" User Group, then you would be able to successfully request resources from either context. I'm assuming you have a Resource Group for "Members Only" or something, and you are leveraging that to restrict access. The permissions rules for a Context are just an extension of that.

Hosting stuff: http://fireproofsocks.com/
Coding stuff: http://craftsmancoding.com/
Blog stuff: http://tipsfor.us/

73 Posts

keiron77 Reply #5, 11 years, 2 months ago

If I used subdomains this looks promising: http://rtfm.modx.com/display/revolution20/session_cookie_domain

"This setting is useful to change if you are running multiple Contexts on one top-level domain, but want to share logins across them"

☆ A M B ☆
2,475 Posts

Everett Reply #6, 11 years, 2 months ago

Ah, yes: good point. The last time I did multiple contexts I structured it as 3 sub-folders across the main domain to avoid that problem.

Hosting stuff: http://fireproofsocks.com/
Coding stuff: http://craftsmancoding.com/
Blog stuff: http://tipsfor.us/

73 Posts

keiron77 Reply #7, 11 years, 2 months ago

Web context is no longer used and I have 3 new contexts in the tree. Each has it's own settings for home page, domain name etc.

I have just tried returning the session id for 2 of my sites and they are different. Apart from viewing from the same ip address the server sees me as 2 different users.

☆ A M B ☆
2,475 Posts

Everett Reply #8, 11 years, 2 months ago

Hmm... I see what you mean. I think I underestimated the original problem. This might land you back into one of your original ideas. E.g. passing the MODx session ID as a URL parameter, then checking to see if a session exists for that ID for Site A, and if yes, then creating a new session for site B. There probably are some security considerations here...

I wonder if you could extend/override the modSessionHandler class and then update the session_handler_class System Setting to get the functionality you need. It's probably possible, but I can definitely see why it's easier to stick to contexts as sub-folders or to simply force re-authentication.

Hosting stuff: http://fireproofsocks.com/
Coding stuff: http://craftsmancoding.com/
Blog stuff: http://tipsfor.us/

73 Posts

keiron77 Reply #9, 11 years, 2 months ago

Yeah, I will start to write something from scratch I think based on modSession and passing a unique string over. If it's any good I might upload it for people to pick apart and improve.

Thanks for looking and if you have any smart ideas let me know!

24,544 Posts

BobRay Reply #10, 11 years, 2 months ago

This will log the user in to multiple contexts:

$usr = $modx->getObject('modUser', $user->get('id'));
$modx->user =& $usr;
$modx->getUser();
$contexts = $modx->getOption('contexts', $scriptProperties, $modx->context->get('key'));
$contexts = explode(',', $contexts);
foreach ($contexts as $ctx) {
    $modx->user->addSessionContext($ctx);
}

I think you could put the contexts as a comma-separated list in the &contexts property of the Login snippet, modify the above code to log the user in to only the contexts they're qualified for, and use it as a postHook for Login.

That way, the users would already be logged in to all their contexts and you could forward them at will. You might have to use an intermediate page with $modx->switchContext($newContext) and then $modx->sendRedirect() to forward them, but I'd try it first without that.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting