How to preserve login across subdomains?

[Ali Camarata]

I have a website and want to have a couple subdomains inside the same app (such are forum.* and admin.*) but I want to preserve login status so when I switch to the subdomain it will automatically login, and if logged out will do the same - so (as much as possible) it is not like I left the site at all - though because it's a different origin I know it's impossible to preserve localStorage (right?) and so on...

What is the best way to use subdomains but completely make it like it's not a different site? I've already built my routes to handle everything but login and such are still hurdles.

[Abigail Watson]

I'd be interested in knowing this myself.  I think I recall that there's an experimental feature somewhere that's testing account authentication to multiple mongo databases; and someone was trying to get logins across subdomains working by having the different subdomains be able to point to the same mongo database for authentication.  In essence, if I recall the discussion correctly, it would wind up having a MONGO_URL and a MONGO_ACCOUNTS_URL.  Or something to that effect.  But for the life of me, I can't find the email thread now.

The first step would probably be to create two apps and point them to the same MONGO_URL.  The accounts collection should then be shared, and they should have the same crypto on the passwrods.  After that, it's a problem of passing client cookie and session data between URLs via localStorage, right?  Just brainstorming here, but I'd start by looking at the following methods, maybe:

Meteor.onConnection()
DDP.connect()

Meteor.loginWithPassword()

Meteor.logout()

Meteor.loggingIn()

Accounts.onLogin()

[Ali Camarata]

I have a single meteor instance that handles the domain + all it's subdomains via iron-router hacking and it works perfectly (so meaning also ONE single MongoDB).. the templates are name spaced and so on on but I get everything as desired. I can login with the same account on all subdomains also just fine but when I switch to one I have to login again, and if I logout on one I am only logged out on that one... the same MongoDB is used so that's not a problem

My only problem is that I want this to "feel" like one website and since I can't carry over Session Data I was hoping to hold everything in MogoDB under the user's accounts entry and automate/sync the login then I can use that "Session" data...

--
You received this message because you are subscribed to the Google Groups "meteor-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to meteor-talk...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Ali Camarata]

Can you designate localStorage off your site's origin to be allowed to be shared with another origin... example is it possible to make localStorage be "ONE" for all *.domain.com? Since localStorage is used for sessions and hence login then that would fix everything - and really be a perfect solution - but I don't think that is possible,

[Emily Stark]

I don't think there's a super simple way to share localStorage across subdomains. You can always use the postMessage API to communicate anything across origins though. For example, on login.example.com, you could have an invisible iframe pointing to foo.example.com, and when the user logs in, you could use postMessage to send the token and user id from localStorage to foo.example.com which stores them in its own localStorage. (And on logout too.)

Hope that helps,

Emily