Gossamer Forum
Home : Products : Gossamer Forum : Pre Sales :

Integrating with my own user DB and session management

Quote Reply
Integrating with my own user DB and session management
I currently run a web site with its own user database and session management system (and my own self-written forum software, too, but I'd like to get out of the business of writing my own forum software...)

So: I'd like to integrate Gossamer Forum (GF) into my site, but want to make the Web site's user experience seamless. I've searched through the GF docs, and sifted through some of the posts on the various forums here, but I don't see anyone doing exactly what I'd like to accomplish. May I therefore lay out my general plan of attack and ask for feedback on its viability?

1) One time only, I need to copy my own user table into GF's user table. I will create an app to copy my current user database into the GF user table.

2) Now, going forward, anytime a user account is created on my site, I will also add a record to the GF user table.

3) Anytime a user record is modified on my site, I will make similar modifications to the GF user table. (Okay, okay, data is not normalized; and it ain't pretty, but it ought to be good enough.)

4) This brings us to session management and user authentication: I would like to dispense with the GF account login facility altogether. Instead, when a user logs into my site, I will run "my" (non GF) login and authentication code. If the user is validated, I will drop a properly-formatted cookie in a format understood by GF into a correct location. This cookie would identify the user such that all GF functionality will be enabled for the user's given GF user status. In other words: log in once on "my" (non-GF code), and then my program will create a GF-readable cookie which will allow the user GF functionality without re-loggin in.

Is such a strategy possible? If so, is the GF cookie format documented somewhere? Has anyone successfully integrated their own site's login / authentication mechanism with GF's such that users only need to login once, and can use an already-established account (that is, an account set up on the non-GF portion of the Web site) with GF?

Any feedback / advice / warnings would be much appreciated.

Matthew Klein
Quote Reply
Re: [collective2] Integrating with my own user DB and session management In reply to
1 - 3, yup, sounds good.

4 - There's quite a bit going on with gforum's session handling, so I would recommend sticking with gforum's session handling code. An example authentication plugin for gforum is included with Community (the Auth_Community plugin). The plugin overrides some of gforum's authentication methods and does things like redirecting un-authenticated users to Community's login page, and redirecting signup requests to Community. The way the session handling works is that when a new request comes in, it tries to authenticate against it's own session table. If this fails, then the authentication plugin kicks in and it tries to authenticate via Community's session tables.

gforum only stores a session id in a cookie, which corresponds to entries in gforum's session table, so it's not really something you can just create a cookie without doing other work to gforum's tables.