I’ve developed an API function with php to make a user login from siteA to siteB.
siteA-login.php
$url = "https://api.siteb.com/login";
$cookie = "cookie-api.txt";
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
//curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, "data=".json_encode($curlPost));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($curl, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($curl, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($curl, CURLOPT_REFERER, $url);
$response = (curl_exec($curl));
curl_close($curl);
header("location: https://siteb.com/restricted-content");
This is siteb where I login the user with CI4:
$session = session();
$session->set(array('user'=>$user));
However after the redirect I go to login page and not in the restricted content.
How can I solve?
>Solution :
you can’t set Cookies for other domain as you are on.
maybe you can try something like this:
- User try to login
- API request from A to B to get a Key ( remembered in Database Site B )
- Redirect User with this Key to Site B ( query in Database if key correct )
- Login User, delete Key to prevent second usage