Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Grab TransientKey in parent website
Hello, how would I go about grabbing the vanilla TransientKey value from embeded forum (embed.js??)?
Thanks!
Donovan
0
Comments
Is it accessible from a cookie perhaps? The forum is located in subdirectory of the html root, so I should have access to the vanilla cookies from the main site.
Donovan
I discovered the TransientKey is located in the GDN_User table in the Attributes column. I can grab that column... but I then need to parse out the TransientKey value. This doesn't quite look like JSON... so any ideas on the best way to parse out the key? Here is an example of the Attributes value:
a:1:{s:12:"TransientKey";s:16:"2FnVpajSusQ1J1Rp";}
I need just the '2FnVpajSusQ1J1Rp' part!
If you need it in JavaScript, you can get it like that:
var transientKey = gdn.definition('TransientKey');. It is part of global.jsFrom out Vanilla you can use methods in the session class (validateTransientKey, transientKey). If you have a user object, you can use UserModels getAttribute to extract the transientKey. But bear in mind that a user doesn't always have to have a transient key.
That is a serialized array
R_J, excellent.. that was the missing the component. Just to follow up, here is my solution.. I could not find a more thin way to do this, but maybe there is one. "$row" is the row returned from the database.
$AttrString = http_build_query(unserialize($row['Attributes'])); parse_str($AttrString, $output); $vTKey = $output['TransientKey'];Regarding "user doesn't always have to have a Transient Key".. how do they log out then? It seems it is required.
out of interest what are you actually trying to do?
grep is your friend.
That might have been not enough information: as far as I know a logged in user needs to have a transient key. Since I don't know how you use that, you need to take into consideration that your code above can generate an error if you try that for a user who isn't logged in:
$output['TransientKey'];the key isn't defined in such a case.Good point, but I don't think a user can get to this function without being logged in... but the testing phase is next... so will keep an eye open.
You seem to work with the database, but not with Vanilla. Else you could use a helper function:
val('TransientKey', $output);After days of hacking out a good way of logging someone out of my website (single sign off).. the only decent method I could find was to first use vanilla's signout URL, then use it's target to redirect back to the main website logout. Now I can do a SSout from the main website. Seems to work fine.
After we go live, I will try to make a tutorial on all of this.. because it was a weeks worth of work to get it all working.. embeded SSO with jsConnect and codeigniter.
if you are able to access the the database, then you are on the same server and presumably domain so you could simply delete the cookie by expiry.
grep is your friend.
for those wanting the transient key via the client you can use this method
$('<TransientKey>').load('https://open.vanillaforums.com/entry/signin?DeliveryType=VIEW #Form_TransientKey', function(){ console.log($(this).children().first().val()) });grep is your friend.
Unfortunately that did not work for me... tried it several different ways.