How to check for logged in status on a 3rd party site?
I would like to be able to check whether or not a user is currently logged into convio from another website. The site and the convio site would be subdomains of sierraclub.org.
How might I accomplish this?
Can I check the cookie? If so, what cookie name would I look for, and if so, is there any information in it like username (I presume though that is likely only to be a session ID)?
I looked through the cookies from action.sierraclub.org (our convio site) and couldn't quite tell what I should check for.
Comments
-
Hoping someone from Convio might look at this!
0 -
Adrian Cotter:
Hoping someone from Convio might look at this!
Your site is currently configured with the multi-domain feature disabled, so it is pushing all cookies to action.sierraclub.org. I don't believe that these cookies will be visible from a page served from another sierraclub.org domain. If the site configuration is changed to push to sierraclub.org, then you should see a cookie name that starts with JServSessionId followed by some additional characters (e.g. JServSessionIdr005). This cookie would indicate that the user has an active session on the Convio powered site. I don't know if this is what you really want to know though. If you want to know if they are "logged in" vs. just visiting, you could look at the content of a PageServer page that just contains ] as its content. If you did that without checking for the cookie though, you would potentially log the person as you checked if they have a "remember me" cookie.
Is this even close to what you're asking?
0 -
DavidHart :
Your site is currently configured with the multi-domain feature disabled, so it is pushing all cookies to action.sierraclub.org. I don't believe that these cookies will be visible from a page served from another sierraclub.org domain. If the site configuration is changed to push to sierraclub.org, then you should see a cookie name that starts with JServSessionId followed by some additional characters (e.g. JServSessionIdr005). This cookie would indicate that the user has an active session on the Convio powered site. I don't know if this is what you really want to know though. If you want to know if they are "logged in" vs. just visiting, you could look at the content of a PageServer page that just contains ] as its content. If you did that without checking for the cookie though, you would potentially log the person as you checked if they have a "remember me" cookie.
Is this even close to what you're asking?
Hey Dave, thanks for the reply. I think you're talking about the right thing. We are going to have the Port networks working with Convio though, shortly. I presume that would mean we would have multi-domain turned on?
So, assuming that it will be on, is the cookie number arbitrary to the user? Or is it defined at the site level? (i.e. how would I then access it)
And then assuming I can access it, is the cookie's mere presence an indication of a logged in state, or is a field within the cookie? If the latter, what would that field and value be?
Thanks!
0 -
Adrian Cotter:
Hey Dave, thanks for the reply. I think you're talking about the right thing. We are going to have the Port networks working with Convio though, shortly. I presume that would mean we would have multi-domain turned on?
So, assuming that it will be on, is the cookie number arbitrary to the user? Or is it defined at the site level? (i.e. how would I then access it)
And then assuming I can access it, is the cookie's mere presence an indication of a logged in state, or is a field within the cookie? If the latter, what would that field and value be?
Thanks!
Yes, part of configuring the Port integration is to turn on the multi-domain cookies. The numbers at the end of the cookie name are based on the "zone" that your site is running in. The zone is the equivalent of an application version number but drawn from a small pool that we rotate through. It will be the same for every user but will change every few weeks as patches are applied.
The presence of the cookie indicates an active session - no need to interrogate any data within it. It is not a permanent cookie and will be deleted when the session ends. The contents of the cookie are just a random nonce that the web server uses to associate requests back to the same session.
0 -
DavidHart :
Yes, part of configuring the Port integration is to turn on the multi-domain cookies. The numbers at the end of the cookie name are based on the "zone" that your site is running in. The zone is the equivalent of an application version number but drawn from a small pool that we rotate through. It will be the same for every user but will change every few weeks as patches are applied.
The presence of the cookie indicates an active session - no need to interrogate any data within it. It is not a permanent cookie and will be deleted when the session ends. The contents of the cookie are just a random nonce that the web server uses to associate requests back to the same session.
Hey Dave,
I just reread this today... if the cookie name is changing every few weeks this makes things a tad difficult. Is there any way we can know what that name is without having to find it out manually?
0 -
Adrian Cotter:
Hey Dave,
I just reread this today... if the cookie name is changing every few weeks this makes things a tad difficult. Is there any way we can know what that name is without having to find it out manually?
No, it follows a pattern of always starting with JServSessionId, but it changes pretty often.
I spoke with some folks from the Port yesterday, and I may have a different tack on the problem though. I don't really think you want to know if someone is currently logged in; I think you want to know if someone is currently logged in or has a "remember me" cookie that could potentially log them in automatically. So, I've got a few questions for you:
Is that really the question?
Are you just looking to solve it for your Port integration or is this another system?
If it's another system, can you modify the back-end code or just the client HTML?
0 -
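An added example, not part of any post in this thread and not Convio code: a backend check that combines the two points from the replies above, cookie domain scope and the rotating cookie name. The host `community.sierraclub.org`, the cookie values and the function names are constructed for illustration; the domain test follows the RFC 6265 domain-match rule.

```javascript
// Added example; hosts, cookie values and function names are constructed.
const SESSION_PREFIX = 'JServSessionId'; // prefix given in the thread; suffix rotates

// RFC 6265 domain-match: would a browser send a cookie scoped to
// cookieDomain with a request to requestHost? (IP-address hosts not handled.)
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, '');
  return host === domain || host.endsWith('.' + domain);
}

// Split a Cookie request header into [name, value] pairs.
function parseCookieHeader(header) {
  return (header || '')
    .split(';')
    .map((pair) => pair.trim())
    .filter((pair) => pair.includes('='))
    .map((pair) => {
      const i = pair.indexOf('=');
      return [pair.slice(0, i).trim(), pair.slice(i + 1).trim()];
    });
}

// Name of the first non-empty cookie carrying the session prefix, or null.
// Prefix matching keeps working when the zone suffix changes.
function findSessionCookie(header) {
  const hit = parseCookieHeader(header).find(
    ([name, value]) => name.startsWith(SESSION_PREFIX) && value.length > 0
  );
  return hit ? hit[0] : null;
}

// Display hint only: the value is opaque and any client can send a cookie
// with this name, so use it to pick which links to render, not to authorize.
function hasActiveSession(header) {
  return findSessionCookie(header) !== null;
}

// Constructed sample: what the other site's backend might receive.
const sampleHeader = 'theme=dark; JServSessionIdr005=constructed-nonce; lang=en';
console.log(domainMatches('community.sierraclub.org', 'action.sierraclub.org'));
console.log(domainMatches('community.sierraclub.org', 'sierraclub.org'));
console.log(hasActiveSession(sampleHeader));
```

Because the check reads the `Cookie` request header on the server, it does not depend on the cookie being readable from page script.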
DavidHart :
Your site is currently configured with the multi-domain feature disabled, so it is pushing all cookies to action.sierraclub.org. I don't believe that these cookies will be visible from a page served from another sierraclub.org domain. If the site configuration is changed to push to sierraclub.org, then you should see a cookie name that starts with JServSessionId followed by some additional characters (e.g. JServSessionIdr005). This cookie would indicate that the user has an active session on the Convio powered site. I don't know if this is what you really want to know though. If you want to know if they are "logged in" vs. just visiting, you could look at the content of a PageServer page that just contains ] as its content. If you did that without checking for the cookie though, you would potentially log the person as you checked if they have a "remember me" cookie.
Is this even close to what you're asking?
Not to hijack this thread, but what is the "multi-domain feature"? Does this mean having Convio set cookies for .example.com vs. host.example.com? How/where is this configured?
Also, how does Convio handle cookies for non-SSL (.example.com) and SSL (secure#.convio.net)?
0 -
DavidHart :
No, it follows a pattern of always starting with JServSessionId, but it changes pretty often.
I spoke with some folks from the Port yesterday, and I may have a different tack on the problem though. I don't really think you want to know if someone is currently logged in; I think you want to know if someone is currently logged in or has a "remember me" cookie that could potentially log them in automatically. So, I've got a few questions for you:
Is that really the question?
Are you just looking to solve it for your Port integration or is this another system?
If it's another system, can you modify the back-end code or just the client HTML?
Well, just to lay out the problem a little more clearly:
- we have a non-convio non-port site associated with the social network (so we can modify the back-end code)
- and we would like it to reflect the user's state (so it gives a link to their account, and not the login/register buttons).
- our login forms also exist on that same server and if someone goes there who is already logged on, we would like to send them on back to the Port side of things.
So, what you are suggesting might work, but what happens if they are logged in, but don't have a remember me cookie? My guess is they'd still see the login/register button.
Thinking of other options:
- Do away with the login/register buttons -- we could just have a link to the Port account page whereby they would be redirected if they don't happen to be logged in (or auto logged in)
- Have the login go through another page that sets another cookie.
0 -
-
Robert Zakon:
Not to hijack this thread, but what is the "multi-domain feature"? Does this mean having Convio set cookies for .example.com vs. host.example.com? How/where is this configured?
Also, how does Convio handle cookies for non-SSL (.example.com) and SSL (secure#.convio.net)?
Yes, setting a site up for multi-domain will change the cookies to come from a higher level like .example.com. It does a few other things as well, although I can't do a comprehensive list off the top of my head. Only a Convio employee (support analyst or project manager) will have access to this configuration option.
The secure cookies are at a path level (e.g. secure#.convio.net/foo) since multiple clients are typically on the same secure server domain. The code keeps track of the different channels internally so it knows if it needs to push a cookie or not when you switch.
0 -
DavidHart :
Yes, setting a site up for multi-domain will change the cookies to come from a higher level like .example.com. It does a few other things as well, although I can't do a comprehensive list off the top of my head. Only a Convio employee (support analyst or project manager) will have access to this configuration option.
The secure cookies are at a path level (e.g. secure#.convio.net/foo) since multiple clients are typically on the same secure server domain. The code keeps track of the different channels internally so it knows if it needs to push a cookie or not when you switch.
Thanks Dave. Since Convio SSL and non-SSL cookies are on different domains and cross-domain cookies are not permitted by browsers, is Convio passing a session ID around and setting two cookies? Feel free to follow up on the SSL & SSO thread so this one isn't cluttered up any further.
0