Can a webapp auto-login a user to a CMS on the same server?

Trying to figure out my project which is to have a webapp driven database for subscribers. But a lot of the data has related articles and I’d like to just use Drupal for those.

BUT that content is also to be restricted to subscribers and I would not want to force users to BOTH log in to the webapp and separately log into the drupal site.

The webapp would likely be hosted on a sub-domain and the drupal content either on a different subdomain or the main domain. I guess…


Or, even unlike the post title - auto-login to a site on a different server?

I have a system like this for my forum and staff application. The forum sends the person to the staff app with an auth token, the app checks the auth token with the forum and if its good it auto logs them in.

Thanks, that’s encouraging to hear. Could you share sort of step-by-step what is happening?

The user logs into the webapp first and is auto-logged into the normal web-based forum when subsequently trying to access it? Or the user logs into the forum and when trying to access the app, get auto logged in to the app?

Where is the log in form? On the app or the forum? (not both places, I presume?)

I don’t know if the drupal security system will let your app log them in. There are a few modules you can use to work around that, but know that you are intentionally relaxing the security.

Good point, Tim, thanks. The app needs to be more secure than the Drupal pages, fwiw.

EDIT: I wonder if there is a way to encase the drupal site in the webapp so that drupal pages could only be accessed in a webHTMLViewer inside the webapp?

There is a link to staff site of the forum that generates a tempory auth token that is delivered with the link to the staff site in the URL.

An unauthenticated user connecting staff site will be redirected to the forum login page with a redirect code saying they want to go to the staff site. If they are already logged into the forum it will generate the token and the link and redirect them back to the staff site. Under the hood, the staff site checks with the forum to see if the token is valid, if so it allows them into the staff app.