Comments on: Getting phpBB to accept Django sessions

By: Why do birds suddenly appear out of cantaloupes? That’s what I want to know .. « Liblits News

Fri, 23 Oct 2009 00:38:52 +0000

[...] The next step is to actually get single sign-on working with phpBB. I’m following the guide here: http://www.gilesthomas.com/?p=63 [...]

By: giles

giles — Thu, 23 Jul 2009 17:11:25 +0000

Chris — that’s clever! I’d be interested in hearing how you (or anyone else who tries it) get on.

By: Chris

Chris — Tue, 21 Jul 2009 12:04:59 +0000

Another, maybe simpler way to do this without creating new database models is to have your phpbb3 backend do an HTTP call (with curl for example) to a django page with the sessionid cookie set, and have that django page just display a JSON encoded list of the data you need (username, email) for the currently logged in user.

By: Jon Cage

Jon Cage — Mon, 27 Apr 2009 09:54:13 +0000

I implemented something similar for a website I built a while back. I ended up sharing phpbb’s auth system. It works fairly well aside from the fact that you have to log in through the forum side of things. There’s really only one problem now – I couldn’t find a neat way to return from logging into phpbb3 so you have to manually find your way back to where you were on the DJango side.

I’ll give your suggestions a look – sounds like it might be a better solution!

By: Pitflooff

Pitflooff — Fri, 20 Mar 2009 12:59:30 +0000

very intresting

By: kookimebux

kookimebux — Sun, 01 Feb 2009 18:11:32 +0000

Hello. And Bye. :)

By: giles

giles — Fri, 23 Jan 2009 14:37:52 +0000

Argh, how annoying! If it’s any consolation, I didn’t see those flaws either…

By: Tiago A.

Tiago A. — Wed, 21 Jan 2009 18:52:54 +0000

Yeah, but I kind of shot myself in the foot. Your solution is better. I didn’t account for:
- password changes;
- when the user logs out from my main application;
- cleaning the cookies;

I’ll change my solution someday :)

Tiago A.

By: giles

giles — Mon, 12 Jan 2009 16:55:03 +0000

Great to hear it works! It’s always good to have multiple solutions to a problem :-)

Cheers,

Giles

By: Tiago A.

Tiago A. — Mon, 12 Jan 2009 14:39:03 +0000

Yes, and it worked too.

I just implemented and now it works fine. I found minor problems, but turned them around:

- I made phpBB accept the cookies of the main domain, e.g. mydomain.com instead of forum.mydomain.com. This is configurable in the administration page.
- I put the right info (expiration date, path, variable name and variable value) in the cookies. Every parameter is necessary.
- The user table on the phpBB side has a couple of “weird fields”, such an email hash field (concatenation of a CRC32 hash algorithm and the size of the email address), and all dates are the number of seconds since 1970. Also, phpBB3 uses a custom email hashing function, but it also works with an md5 hash.
- In the sessions table, I put the j2ee session key (lower cased) and the ip and the dates.

Looking again to what you did, yeah, it looks cleaner, but I don’t regret my approach. I didn’t change a bit in the phpBB side. I don’t feel very comfortable with php code messing with my app’s database, I prefer the other way around. Also it’s working :), so I’ll leave it at that.

Thanks,
Tiago A.