Reputation: 1707
I'm working on an SPA (single page app), which I intend to deploy at app.mydomain.com, and the thing is that when I make a request to the API (CakePHP3 at mydomain.com) I cannot get data from the authenticated user (if there is one).
I think I have two options: share the session between domains, or use a user_token to make an authenticated call, but I'm not sure how it works.
Any ideas / recommendations?
Regards!
Upvotes: 1
Views: 661
Reputation: 421
I would recommend using a "user_token". You could add an authentication endpoint to your API where the user sends the credentials and the endpoint returns a JWT. Then you should include this JWT in every subsequent request to your API (in the Authorization header). The API can then validate the request based on the JWT. In PHP there are already some good libraries to create and validate a JWT. If you have the time you should also take a look at OAuth2.
Upvotes: 1