@geoff-nixon
Forked from armanhakimsagar/single sign on
Created October 16, 2020 17:13
https://accounts.google.com/signin/v2/sl/pwd?
service=mail
&hl=en
&uilel=1
&continue=https://www.gmail.com
&passive=true
&ltmpl=default
&flowName=GlifWebSignIn
&flowEntry=ServiceLogin
_________________________________________________
https://accounts.google.com/signin/v2/sl/pwd?
service=youtube
&hl=en
&uilel=3
&continue=https://www.youtube.com
&passive=true
&flowName=GlifWebSignIn
&flowEntry=ServiceLogin
________________________________________________
First YouTube sign-in sets 4 cookies:
1. remote-session-name {"data":"youtube-desktop","creation":1541948055176}
2. remote-session-app {"data":"Desktop","creation":1541948055176}
3. remote-device-id {"data":"f6b539df-f025-445d-b15e-cffe11be188b","expiration":1571461396512,"creation":1539925396512}
4. remote-uilel {"data":"3","creation":1541947781364}
** After YouTube sign-out, the cookies are removed
** After YouTube sign-out, Gmail is also signed out on refresh
Activity table:
1. service
2. continue
3. flowName
4. flowEntry
5. passive
6. hl
7. remote-session-name (password)
8. remote-session-app
9. remote-device-id
10. remote-uilel
11. uid
12. browser_header (cookie hijacking)
Login process:
** After login from Gmail, insert all data into the activity table & set cookies on https://accounts.google.com
** If a login to YouTube is attempted from a new tab, https://accounts.google.com checks whether the cookie values are set or not.
** If set, check whether browser_header (cookie hijacking), remote-session-name | remote-device-id | remote-uilel exist in the database or not.
** If they exist, auto-login from the backend & redirect.
** Get the uid from remote-session-name, insert new data into the activity table & set cookies.
Logout process:
** On logout from Gmail, remove all rows related to the uid from the activity table & unset the session
** Remove cookies from https://accounts.google.com: remote-session-name | remote-session-app | remote-device-id | remote-uilel
** Set an interval check (30) for whether the YouTube uid exists in the table or not | Or check it on the next refresh
________________________________________________
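The login and logout checks above, as an added example that is not part of the original gist. ActivityStore and its login/resolve/logout methods are hypothetical names, an in-memory array stands in for the activity table, and a random token is used as the cookie value in place of the gist's md5-derived uid.

```php
<?php
// Added example; the class, method names and sample values are constructed.
final class ActivityStore
{
    private array $rows = []; // stand-in for the activity table, keyed by token hash

    // Login on the first service: issue an unguessable cookie value, store only its hash.
    public function login(int $userId, string $service, string $userAgent): string
    {
        $token = bin2hex(random_bytes(32));
        $this->rows[hash('sha256', $token)] = [
            'user_id'        => $userId,
            'service'        => $service,
            'browser_header' => hash('sha256', $userAgent),
            'expires'        => time() + 86400 * 30,
        ];
        return $token;
    }

    // Second service: auto-login only if the row exists, has not expired,
    // and browser_header matches (the cookie-hijacking check).
    public function resolve(string $token, string $userAgent): ?int
    {
        $row = $this->rows[hash('sha256', $token)] ?? null;
        if ($row === null || $row['expires'] < time()) {
            return null;
        }
        // Constant-time comparison of the stored and presented browser_header
        $same = hash_equals($row['browser_header'], hash('sha256', $userAgent));
        return $same ? $row['user_id'] : null;
    }

    // Logout from one service: delete every row of the user so all services sign out.
    public function logout(int $userId): void
    {
        $this->rows = array_filter($this->rows, fn ($r) => $r['user_id'] !== $userId);
    }
}

$store = new ActivityStore();
$ua    = 'Mozilla/5.0 (constructed sample)';
$token = $store->login(42, 'mail', $ua);
var_dump($store->resolve($token, $ua));        // same browser, second service
var_dump($store->resolve($token, 'curl/8.0')); // same cookie, different browser_header
$store->logout(42);
var_dump($store->resolve($token, $ua));        // after logout on any service
```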
** Store logic :
// Laravel class method; the file needs: use Illuminate\Support\Facades\{Auth, DB};
public function storeLoginActivity($password) {
    $logged_time = time();
    $expire = $logged_time + (86400 * 30); // 30 days
    // uid is derived from the browser, the client address and the login time
    $uid = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] . $logged_time);
    // Note: AES-128-ECB with a key hard-coded in source is reversible encryption, not password hashing
    $cipher = "#&sdfdfs789fs7d";
    $encoded_password = base64_encode(openssl_encrypt($password, "AES-128-ECB", $cipher));
    DB::table('activity')->insert(
        ['user_id' => Auth::id(), 'password' => $encoded_password, 'uid' => $uid]
    );
    // expires must be an HTTP date, so let setcookie() format it from the timestamp
    setcookie('logged_time', (string) $logged_time, $expire, "/", ".kallyani.com.bd");
    return true;
}