Ok, thx, it works now! Thanks a lot for pointing me in the right direction. For others facing the same question, here's the complete solution I used:
error_reporting(E_ALL);
ini_set('display_errors', 1);
define('_JEXEC', 1);
define('JPATH_BASE', __DIR__);
require_once JPATH_BASE . '/includes/defines.php';
require_once JPATH_BASE . '/includes/framework.php';
// Boot the DI container
$container = \Joomla\CMS\Factory::getContainer();
/*
* Alias the session service keys to the web session service as that is the primary session backend for this application
*
* In addition to aliasing "common" service keys, we also create aliases for the PHP classes to ensure autowiring objects
* is supported. This includes aliases for aliased class names, and the keys for aliased class names should be considered
* deprecated to be removed when the class name alias is removed as well.
*/
$container->alias('session.web', 'session.web.site')
->alias('session', 'session.web.site')
->alias('JSession', 'session.web.site')
->alias(\Joomla\CMS\Session\Session::class, 'session.web.site')
->alias(\Joomla\Session\Session::class, 'session.web.site')
->alias(\Joomla\Session\SessionInterface::class, 'session.web.site');
// Instantiate the application.
$app = $container->get(\Joomla\CMS\Application\SiteApplication::class);
// Set the application as global app
\Joomla\CMS\Factory::$application = $app;
After this you can login with:
$result_login = JFactory::getApplication()->login(
[
'username' => 'user01',
'password' => 'secret'
],
[
'remember' => true,
'silent' => true
]
);
Or check if a user is already logged in or get the session info using:
$userInfo = \Joomla\CMS\Factory::getApplication()->getSession()->get('user');
$userSession = \Joomla\CMS\Factory::getApplication()->getSession();
var_dump($userInfo);
echo "<p>-</p>";
var_dump($userSession);
From a security point of view when you check if the user is already logged on:
-suppose a user installs his own joomla-site and on both sites the user 'admin' exists...
-An external script checking if the user is logged on, could be fooled in believing the user is logged on as admin? Or am I wrong? So how to check if the user is coming from the correct joomla-site?