Home/ Questions/Q 7674037
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T16:39:00+00:00

this seems like a simple enough question but I can’t seem to find a

  • 0

this seems like a simple enough question but I can’t seem to find a clear answer anywhere.

I am writing an app that will be used by multiple companies with multiple users. Each company, and it’s users only have access to it’s data. I want each company to have their own subdomain: i.e. company1.myapp.com, company2.myapp.com etc

When they enter that URL, i’m using the subdomain to get user info from the DB, from there they can log in. I’m setting their company ID (subdomain) as a session variable so the app knows what data it should be pulling from the DB

What I can’t work out:
– How do I lock authentication to the one subdomain? i.e. once authenticated, if i change the domain from company1.myapp.com to company2.myapp.com how can I ensure that the system knows the user is only authenticated to company1?

Any pointers appreciated.

Thanks,
Greg

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Thanks to some help over at the Symfony forums I seem to have this working using a listener.

    define the listener #config.yml — take note of the priority, otherwise the page seems to render before killing the session. 

    services:        
  company_listener:
    class: myApp\SecurityBundle\Controller\CompanyListener
    arguments: 
        security: "@security.context", 
        container: "@service_container"
    tags:
        - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 64 }

    Listener class

    class CompanyListener extends controller
{

public static $companyID;
private $securityContext;
protected $container;

public function __construct(SecurityContext $context, $container)
{
    $this->securityContext = $context;
    $this->container = $container;
}

public function onKernelRequest(GetResponseEvent $event)
{       

    $request = $event->getRequest();
    $session = $request->getSession();              

    $currentHost = $request->getHost();

    if(is_object($session)){
        $companyID = $session->get('companyID');
        $sessionHost = $session->get('subdomain');

        if ($sessionHost != $currentHost) {
            $this->get('request')->getSession()->invalidate();
        }           
    }

    $session->set('company', $currentHost);

}
}
    • 0