Search code examples
phphtmlweb-servicesdrupaldrupal-7

How to do a browser login by web service to Drupal website?

Having a web service, realized through Service module, how do i login my browser to my drupal website?

I'm pretty sure i'm not getting the point, so i try to explain my issue. I need to set up a pc to read qr code from its webcam and reading the code have to end up in login the user, linked to that code, to my drupal site and show him a browser where he is logged in to my drupal website, so he can see content as authenticated user. Let's say the qr code contains username and password of the user.

It comes natural to think about using a webservice to do this. So i tried to code a simple html page sending the post request necessary to login.

 <form action="http://mysite.abc/api_name/user/login" method="post">
    <input type="text" name="username" value="foo" />
    <input type="text" name="password" value="bar" />
    <input type="submit" />
 </form>

It works, i mean, it replies with correct data and do the login, but after sending the request from my browser (hitting the submit button from my browser) and receiving the response containing session id and so on, if i load my site from a tab of that browser i am presented with my site as i am NOT logged in. What am i missing?

EDIT: I made some progress. Using Michael Cole's script (https://www.drupal.org/node/910598) and token add-on by tripper54 i made the login work on my browser and got that the problem is about session management.

Launching the login script returns a session id (SESSfoo_1) and a session token (bar1234_1), which puts a cookie in my browser, after those values. Loggin through my website inteface does the same thing setting up a cookie (SESSfoo_2) and a token (bar1234_2).

Now, the two session id are different and 2 cookies are generated. If i take the value of the token generated by the script (bar1234_1) e paste in in place of the value of the token generated by the website login (bar1234_2) e reload, i am correctly logged in. Long story short: SESSfoo_2=bar1234_1 works perfectly.

Still i'm missing something about sessions.

Solution

  • You should give a try to Login one time module, which provides the ability to email one-time login links to users. I have not tried it but you could analyze the code to see which function is in charge of generating the one time login URL. Once you get the URL you can display it using a QR code.