I am building a webapp with Nodejs and installing phpBB on an Apache server that will be on a the same domain (ie: node = myapp.com, forum = forum.myapp.com).
I want the node app to authenticate with phpbb. I am not the most familiar with sessions, can anyone point me in the right direction on how I would use the session that is returned from phpbb to verify authentication for the node app?
So the workflow would be like node/myapp.com -> login form on myapp.com -> authenticate phpbb/forum.myapp.com = both myapp.com and forum.myapp.com are logged into phpbb.
You can log a user in effectively by creating a session record for them in the phpbb_session table and then adding the appropriate cookies under the domain phpBB3 will go looking for them in.
Those two steps is all it takes to actually "log-in" a user to phpBB3. Note: this circumvents all password protection.
If you want to actually authenticate the user/password against the data in the phpBB3 database then you'll have to go look at the authentication module, if I recall correctly they use a uniquely-salted SHA2-based algorithm of their own.