Check elgg loggedin user by API

How can be checked if user already logged in from another site?

The elgg is located on subdomain, I need to know on the main domain if user already loggedin to redirect him, if I make the api request the functions like 

elgg_is_logged_in()

doesn't work, it's always empty result.

  • You can't use this function on another site to check the user's status.

    You should use Web services

  • You need to do the following:

    on the main domain file where you want to call elgg_is_logged_in, include your autoload.php file from the absolution path of your subdomain.

    require_once "path/to/your/subdomain/vendor/autoload.php";
    \Elgg\Application::start();

    Once you are done with that then you can now call elgg_is_logged_in() from your mail domain.

  • Make sure the Elgg cookie is set with a subdomain wildcard otherwise request headers will not contain the session cookie.

  • @ihayredinov What do you think about the general security of the site when using this include?

  • Obviously this only works as long as things are hosted in the same server. I can't think of any issues with this approach - sharing cookies across subdomains is a normal practice. The only problem that it's an expensive way to check auth status, but that's another question.

  • ...things are hosted in the same server

    ...it's an expensive way to check auth status

    The main points of using this method which I wanted to hear from you. Thanks for your opinion.

  • Thank you for answers,
    Yes, am using the services,
    in my expose function I wrote

    $path = $_SERVER['DOCUMENT_ROOT'] . "/vendor/autoload.php";
    require_once $path;
    \Elgg\Application::start();

    but result the same:

    
    elgg_is_logged_in();
    elgg_get_logged_in_user_entity();

    both are empty 

  • path = $_SERVER['DOCUMENT_ROOT'] . "/vendor/autoload.php";

    Where exactly is your autoload.php file. I believe you said that its in a subdomain i.e some other folder right? Is the path correct?

     

  • Also in response I see the Elgg cookies, it's alright:

    [set-cookie] => Elgg=...
  • Yes my subdomain in the different directory on the server, subdomain.domain.com, the server just has CNAME with hostname * on this domain name.