How to pass data to other site

jemz · August 20, 2020, 10:18am

Hi, can I ask some help I have data, like userid, password, and username, I want to send this to my other site, via anchor tag my second site is Laravel . how can I send this and secure the data the reason I’m doing this is I want my user to autologin in the second site?

Thank you in advance.

igor_g · August 20, 2020, 12:31pm

As I anderstood problem, your second site - from another domain. Then you should save session id in DB or some another persistent storage, and send it to second site with request.

Gandalf · August 20, 2020, 1:28pm

I’m not sure there is any way to securely send a password from one site to another.

SamuelCalifornia · August 23, 2020, 4:54pm

Your requirements are vague. Is the sending of userid and password a requirement or is that your solution to a more fundamental requirement? My guess is that you need to somehow sign into another website. That type of thing is sometimes done such as a store might redirect to PayPal or a bank and then proceed after PayPal or the bank has processed a login. And Social Security and the Veteran’s Administration use a vendor (id.me I think for one of them) to securely identify the user. I am not sure how Experian interfaces with the user’s bank for their Boost service.

Is your fundamental requirement that users of one site be able to do the equivalent of a login to another site? If so then it is likely better to not send the userid and password across the domains; other websites seem to use other solutions.

pandglobal · August 23, 2020, 6:02pm

Novice suggestion.

The login form in site A once is submitted and is validated then do this
Create a database or what ever means you are storing logged in users in Server B.
Then create a datebase connection for the second serverB and add the details there and mark it as logged in.
This is only possible if you are using database to show is logged in or not.

E.g if password and username match then column active = true

So any user with that session id is automatically logged in on server B

It opens you up to session hijacking bcs thats exact method you will use to pass the session.

Curl which will call the loggin scripts in server b and validate and log the user in.
The password will be passed in encrypted form and then validate at server B

The only problem to this is passing session id or any indentifier on the users browser.
Perhaps use cookies store in the users browser through site A and then when he visits site B you query his browser for such cookie.

pandglobal · August 23, 2020, 6:12pm

This is how the is logged in table will look like

userid | pass | sessionid | active
6      | ***** | fshvdn35 | true

So your always query this table like this
If sessionid = fshvdn35 && active = true
Then user is logged in as user 6
And can access other rights as a logged in user

igor_g · August 23, 2020, 6:22pm

Cookies by default are visible for it domain only. If you redirect to another domain, you should to send session id e.g. with some request header.

pandglobal · August 23, 2020, 6:30pm

Yes session can be good for this than cookie, but he must protect against session hijacking too.
Because apart from that session id there is no other security layer in place.
This means that once anyone takes hold of the session id he has automatically logged in.

So i will propose adding ip address too and system unique indentifier to the IS USER LOGGED IN TABLE.

So verification query goes like this
If sessionid = && ip = && system key = && active = true

Then user is logged in

system · November 24, 2020, 2:55pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.