Laravel single sign on with subdomains

Question

How I can implement single sign-on with subdomains on Laravel-5? I have:

I tryed set domain and driver parameters in /config/session:

'driver' => 'cookie'

or

'driver' => 'file'

and

'domain' => '.domain.com'

or

'domain' => null

It doesn't work anyway. I gets 401 (Unauthorized) anyway. Why?

In controller (it is standard laravel authentication):

public function __construct()
{
    $this->middleware('auth');
}

So, if i changed auth middleware for api.domain.com from 'auth.basic' to 'auth' (same as to portal.domain.com) it works. How i can use onceBasic auth for api.domain.com and default auth to portal.domain.com? I want to send ajax request from portal.domain.com to api.domain.com (same credentials and same laravel applications) — gurkov, Feb 12 '15 at 11:39
Problem with headers when response is AJAX, see details http://stackoverflow.com/questions/2870371/why-is-jquerys-ajax-method-not-sending-my-session-cookie — gurkov, Feb 12 '15 at 14:47

score 1 · Accepted Answer · answered Feb 12 '15 at 15:10

Laravel 5 subdomains auth: single sign-up throught AJAX and Once Basic through simple HTTP.

If you want have single sign-up between your subdomains (e.g. api.domain.com and portal.domain.com) on Laravel you must do it:

For your api use next filter (e.g. in controller cunstructor):

if (!Auth::check()) $this->middleware('auth.basic.once');
Set your session (config/session):

'domain' => '.domain.com'
In jQuery.ajax use next parameters:

crossdomain: true xhrFields: {withCredentials: true}
Headers your response (e.g. in .htaccess) must contain:

Header set Access-Control-Allow-Origin "http://api.domain.com" Header set Access-Control-Allow-Credentials true

Now you can make AJAX-request from portal.domain.com to api.domain.com and simple HTTP-request with basic auth to api.domain.com