Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

ProxyConnect doesn't request authenticate url when we type the vanilla url in the browser

edited May 2011 in Vanilla 2.0 - 2.8
I have implemented SSO between my rails app and vanilla using ProxyConnect. The issue is that when I log into my rails app and then open vanilla in another tab (or in the same tab) it doesn't access the authenticate url, but when I explicitly click the sign in button it accesses the authenticate url (I can see it in the logs) and the user is shown as logged in.
Is there some kind of caching in place that I need to turn off so that it calls the authenticate url whenever vanilla is accessed and login cookie is not set.

On a side note: Can we somehow turn off the username requirement for vanilla. I had to implement a separate flow and take username when user tries to access vanilla for the first time. Why can't we use email as the username? These days people hate filling forms...smaller the better.
Tagged:

Comments

  • edited May 2011
    I'm having the same issue on PHP:
    browsers: Chrome & Firefox
    PHP version: PHP 5.3.3-7+squeeze1 with Suhosin-Patch
    Vanilla: 2.0.17.10
    ProxyConnect: 1.9.3

    Actually, I don't ever see any Vanilla forum page making requests to access the authenticate url, doesn't matter if user is logged into our main site or not. (using firebug to view the network requests).

    I've seen other threads about this. We are basically going to try to fix it ourselves. If there's a patch out there or if someone can indicate if it's fixed in the 2.0.18 beta that would save us alot of time!!!

    Peter
  • TimTim Vanilla Staff
    I have implemented SSO between my rails app and vanilla using ProxyConnect. The issue is that when I log into my rails app and then open vanilla in another tab (or in the same tab) it doesn't access the authenticate url, but when I explicitly click the sign in button it accesses the authenticate url (I can see it in the logs) and the user is shown as logged in.
    Is there some kind of caching in place that I need to turn off so that it calls the authenticate url whenever vanilla is accessed and login cookie is not set.

    On a side note: Can we somehow turn off the username requirement for vanilla. I had to implement a separate flow and take username when user tries to access vanilla for the first time. Why can't we use email as the username? These days people hate filling forms...smaller the better.
    ProxyConnect will try once to automatically sign-in a cookie-less user, but will set a cookie userID of -1 if it fails. Subsequent page requests will not attempt to ping the authenticate URL.

    On a busy site with many guests, this is the desired behavior, and is required in order to prevent self-DOS. Think about it ;)

    You could hack it to not do this, but I don't recommend it. Nor do I have time to figure out how.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • Thanks Tim, I have it working now. The reason you described above makes sense, and I was having problems probably because I had played around with the cookie of my main site and it was failing for the first time. Still not sure about the reason, but the good thing is that it works now :)
Sign In or Register to comment.