PHP download

Download the PHP package richardhj/contao-crossdomaincookies without Composer

On this page you can find all versions of the php package richardhj/contao-crossdomaincookies. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Informations about the package contao-crossdomaincookies

Contao CrossDomainCookies

[]()

Cross-link between pages with different domain names of a Contao installation—and keep certain cookies alive. It will be possible to handle a member authentication between multiple domains. Or the isotope cart.

Install

Via composer

Usage

Make sure that all domains used in the Contao installation are set in the "dns" field of the root pages.
The user has to click a link in order to fetch the cookies of the site (he/she originally logged in). Include the link with an InsertTag.

InsertTags

InsertTag	Description	Example
`{{link_url_cdc::99}}`	Url to other site	`https://site-b.local?t=0000…`
`{{link_open_cdc::99}}`	Link opening tag linking to the other site	`<a href="…" title="…">`
`{{link_close}}`	Link closing tag (Contao core)	`</a>`

Make sure to replace 99 with the id or alias of the other page.

How it works

Page A and Page B are part of one Contao installation.

When hyperlinking from Page A to Page B, the link looks like https://page-b.local/?o=page-a.local&t=zyxitopjfsetbjjutwsdf

As you can see, two get parameters are added to the page uri:

Parameter	Role
o	The page redirected from and the origin of the cookies (where the cookies will be fetched from)
t	A token, just for security purposes

When being on Page B—and the get parameters are present—, a javascript will be included. This script will create the cookies on Page B. The script will get loaded from https://page-a.local, therefore the cookies are the ones present on Page A.

The javascript looks like

That's the magic behind cross domain cookies.

Security

A few words about the security and vulnerability:

The extension automatically loads a javascript from a site that is given as a get parameter. The get parameter can be easily modified and this extension would be a great example for XSS-vulnerably in practice. So this extension needs to check that the url given as get parameter is part of the Contao installation. So before including the javascript from the other domain, it verifies that the other domain can be found in the "dns" fields of the root pages of the Contao installation.

In order to handle the authentication cross-domain, this extension activates auto_login ("Remember me") for the particular user. That means, that the user will not get logged out by closing the window, which is the default behavior. This is because Contao checks the auth cookie against the session_id which is bound to a cookie as well and will therefore change on the other domain. This might be a problem for websites with sensible data and users who forget to log out. To keep the problem down, the auto_login cookie will expire after a few time.

License

The GNU Lesser General Public License (LGPL).

Feel free to contribute.

All versions of contao-crossdomaincookies with dependencies

PHP Build Version

Package Version

Version v0.9.0 Release 18. Sep 2017
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of contao-crossdomaincookies from vendor richardhj

Requires php Version ^5.4 || ^7.0
contao/core Version ^3.1
contao-community-alliance/composer-plugin Version ^2.4
contao-community-alliance/events-contao-bindings Version ^3.2
symfony/http-foundation Version ^3.3

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package richardhj/contao-crossdomaincookies contains the following files

Loading the files please wait ....