CB login / CB connect without cookies

11 months 3 weeks ago #333413 by activha
CB login / CB connect without cookies was created by activha
Hi Kyle
Following my devs and posts www.joomlapolis.com/forum/developer-members-support/245744-cb-connection-from-a-link-with-query and www.joomlapolis.com/forum/developer-members-support/245731-cb-login-authentication-token I was able to make a nice widget to be displayed on outside websites.

This is working fine except that on Safari and Chrome which blocks external cookies, it's impossible for our users to log in to our website and get no limitations to their questions. See for instance ma-revelation.fr/ with the CB button.

Is it possible with CB Login or CB connect or an autoaction to have a login behavior without cookies for our users. I mean that they would enter their id/password, be recognized and sent back to the iframe with an authorization token or something like this. I need something without cookies.

For now only Firefox would allow log in.

I know that Joomla uses cookies to maintain the user session but I need only a confirmation back to allow the user to continue using the same page on the iframe.

Can I have your thoughts about this ? is it feasible with Community Builder ?

Thanks a lot 

Please Log in to join the conversation.

11 months 3 weeks ago #333416 by krileon
Replied by krileon on topic CB login / CB connect without cookies
That's probably due to the below change in Chrome awhile back (a good change!).

chromestatus.com/feature/5088147346030592

You'd need to set a cookie with Same-Site option set to None to allow it to work in an iframe outside its origin. You might be able to just modify the existing Joomla session cookie and set its Same-Site, which by default is empty (not the same as None).


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

11 months 3 weeks ago #333420 by activha
Replied by activha on topic CB login / CB connect without cookies
Do you know where I can change this setting ?
Do I have to modifiy core joomla files because it's not in the config settings ?

Please Log in to join the conversation.

11 months 3 weeks ago #333422 by krileon
Replied by krileon on topic CB login / CB connect without cookies

Do you know where I can change this setting ?

I don't think Joomla offers a setting to change this, but I could be wrong. My guess is it would be somewhere in Joomla's global configuration. Most likely it doesn't though and you'd need to modify the cookie yourself using PHP.

Do I have to modifiy core joomla files because it's not in the config settings 

Probably, or edit the cookie from PHP after it has already been set. To do that you get the cookie, set your new values, then create the cookie again. Looks like there was a big discussion on adding a SameSite param that ultimately didn't go anywhere. Some suggestions for things to try there though. Link below.

github.com/joomla/joomla-cms/pull/25414
github.com/joomla/joomla-cms/issues/32147

Looks like latest suggestion is a Joomla plugin to do it. Sorry, never needed to do this so nothing more I can suggest, but this is the route you need to take. There is no workaround to this.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

11 months 3 weeks ago #333427 by activha
Replied by activha on topic CB login / CB connect without cookies
Yep I tried a very simple : ini_set('session.cookie_samesite', 'None');
but it does not work as it seems like joomla 4 has its own way to set cookies with joomla_user_state and no longer session.

I was wondering if a code autoaction just after the login would be enough ? Joomla should take this into account as it may be an issue in the future

Please Log in to join the conversation.

11 months 3 weeks ago #333430 by krileon
Replied by krileon on topic CB login / CB connect without cookies

I was wondering if a code autoaction just after the login would be enough ?

Sessions are established as soon as the user visits the site. If Joomla has an event for when a session is created that'd be most ideal. I'm unsure if it does though.

Joomla should take this into account as it may be an issue in the future

I agree and there were many discussions on the lack of control over the session cookie. Not much I can really suggest though as this is out of CBs hands. Worst case scenario you'll have to modify Joomla to suit your needs. Looks like login cookie at least is done in the Joomla core user plugin below.

/plugins/user/joomla/joomla.php

Specifically on onUserLogin Joomla event. So it should be extendable from CB either after CBs login event or Joomlas using joomla_onUserLogin. You should see it setting the joomla_user_state cookie at the bottom. Not sure if that's the relevant cookie though. Sorry, this isn't something we can really help you with. Suggest posting to Joomla's forums as others may have already implemented solutions for adjusting Joomla's session cookie.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.391 seconds

Facebook Twitter LinkedIn