Jump to content
dragan

Getting logged out when using two PW sites on same domain

Recommended Posts

If I have two PW sites that sit in separate folders, I can't be logged-in in both sites.

e.g.

site.com/project-a/pw-admin-slug/

site.com/project-b/pw-admin-slug/

If I login to project-a, then also login to project-b, get back to the first site, I have to login again.

Is the cookie / session mechanism storing my domain? If it does, and it's meant to be some sort of security enhancement, it should not check my domain, but root-URL of the PW-installation. (strangely, this doesn't happen on localhost)

Is it possible to prevent that behavior? Often I have two sites open (e.g. check to see if I have the same CKEditor setup and quickly copy and paste it, or copy a user-role)

Edited by dragan
re-phrasing

Share this post


Link to post
Share on other sites

The cookie contains: domain and path

Although both PW instances create the same named cookie.

I'd move sites to subdomains. That works without any problems.

2018-05-04 15_35_27-Pages • ProcessWire • nerd.to.png

  • Like 2

Share this post


Link to post
Share on other sites

Agree with @wbmnfktr Have always used subdomains on my development host and never encountered this issue

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By fliwire
      Hi, after redirect to payment page processwire session lost because of samesite cookies changed default to "lax".

      https://web.dev/samesite-cookies-explained/

      tried to hook session::init but not works ?
      $wire->addHookBefore("Session::init", function (HookEvent $event) { ini_set('session.cookie_samesite', 'None'); session_set_cookie_params(['samesite' => 'None']); });

      set by htaccess works
       
      <ifmodule mod_headers.c> Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure </ifmodule>  
    • By jploch
      Hey folks,
      Iam working on a new Admin Theme, based on AdminThemeReno, which I would like to release for the public soon.
      Now I want to style the login page to fit the look and feel of the backend.

      After some research, I found out that I have to set the "$config->defaultAdminTheme = 'AdminThemeName' " inside my site config.php file to load all the styles from my admin theme on the login page instead of the default ones.
      Is it possible to set this via api from my Admin Theme settings, without the need of editing the config file?
       
    • By DanielKit
      Hi. I'm currently stuck at the login page in my project. Once I enter my admin username and my password and press login, nothing happens. The page just reloads. However, the URL changes from http://myipaddress/processwire to http://myipaddress/processwire/?login=1. I've checked all of my server settings, and to my knowledge, all seems to be fine there. I don't know where to go from here.. Thanks in advance!
    • By spercy16
      After doing a Google search for the issue I saw several previous posts mentioning this same issue but cannot figure out how to fix it and shouldn't have to spend a half hour trying to. ProcessWire frequently logs out of the admin area after less than five minutes. It shouldn't time-out ever, and if someone wanted that option for security reasons they should be able to enable it through the settings in their admin panel. In addition to it not being the default setting, users also shouldn't need to edit your config files manually to change these kinds of settings. Please fix the major issue in a future release. It's absured imho that developers don't realize the inconvenience it places on other people if they have to login every time they switch back to that page. It has also logged me out without warning without any visual que that it did so. If someone was working on paragraphs of content they could easily lose their work do to this bug as well... Please don't refer me to a forum with a dozen possible solutions to the issue and fix it yourselves. I'm sick of looking at them. It's your job to troubleshoot your software, not your users!
    • By Tyssen
      I have a client who is reporting that in the last couple of days they can no longer login to their site with their normal browser (Chrome). Using another browser or an incognito window works.
      I've tried logging into the site using the same login details in my usual browser (Firefox) and have had no problems.
      The site is a membership site and today other members are reporting the same problem.
      The site is running 3.0.148 and has the session handler DB and login throttle modules installed. It was recently upgraded to 3.x from 2.x. But no changes have been made to the site between the time when they were able to login OK and when the problem started happening.
×
×
  • Create New...