-
Notifications
You must be signed in to change notification settings - Fork 4
Cross module authentication
Neil M edited this page Jan 24, 2022
·
2 revisions
We (try to) maintain user accounts and sessions between Laravel, Discourse and MediaWiki.
Laravel is the authentication source of truth.
Discourse logs in via SSO against Laravel.
We log the user in to MediaWiki via an API call during Laravel login
- restarters.net has its own session cookie, set on login
- name: restarters_session
- domain: .restarters.net I think
- session length: configurable via .env
- map.restarters.net shares this cookie
- talk.restarters.net has its own session cookie, set by Discourse during the SSO process
- name: can't remember
- domain: talk.restarters.net I think
- session length: configurable via Discourse
- wiki.restarters.net has its own session cookie, that we retrieve on successful Laravel login from the MediaWiki API during MediaWiki login, and add to the users cookie collection
- name: can't remember
- domain: .restarters.net I think
- session length: don't know
I think we clear the Laravel and MediaWiki session cookie at logout, but not sure about the Discourse one.