Mon, Mar 04, 2013 at 1:15AM

Jetendo CMS user system has been vastly improved in the last few days.

Automatic login with global user accounts

Last week, I added a new automatic login feature to the Jetendo CMS user system. Now it has been improved so that it supports a global login.

A global login is available to developer users that have access to the Server Manager.

A global login can also be made for a group of sites.  For example, if one client has 5 different sites, they can all be associated with a single master web site, and that web site delegates administrative user accounts that work for some or all of the other web sites.

For these features to work, you have to set automatic login to yes when prompted. When it is set to no, that forces you to manually log in to each site separately.

A side effect of the new cookie-based authentication is that sessions are now preserved when the server has been restarted. Anything stored in their session is lost, but at least users can now auto-login and continue using the user-specific and admin features of the site without being prompted to log in again.

Making log in forms easier to use

I've refined the log in forms in several ways over the last few days to be simpler. If you use the OpenID log-in feature, it now remembers which one you last used with a permanent cookie, and highlights it. This will help people who may have multiple accounts when they forget which account they signed up with.

Part of making software easier has a lot to do with what happens when people use the software incorrectly.  You want to give them friendly error messages and a clear way to proceed.  There have been many validation enhancements to the new features and they've also been made to look simpler and more consistent.

New user registration form supports OpenID

There is now a very nice public user registration form that is integrated with OpenID, so you can create a new account by just signing in to Google, Yahoo or AOL now. No other typing required.

Also, I added a password strength meter for non-OpenID accounts that updates as you type now. I currently don't require users to have a specific password strength, but it could later be added as an option for some sites.

View the new user account registration form

Quickly switch between sites you have access to

If you have a Jetendo CMS Site Manager user account that has access to multiple sites, it now shows a drop down menu when you are logged in.  You can simply select another site and it will send you to the log-in page for it.  If you have auto-login enabled, then you will be automatically logged in to the other site.

If another user for the Site Manager logs in and they don't have access to other sites, they won't see this option.  So site access is controlled on a per user basis.

How was global automatic log-in achieved technically?

This was all made possible by using a combination of JavaScript and server-side scripts to transfer the authentication token from the global domain to the domain you are logging into. By default, the browser doesn't allow JavaScript to directly access cookies like this, so the information could only be exposed with server-side scripts. To prevent this from being an unnecessary security risk, the cookie information is verified on the server. The temporary information on the server is immediately deleted so that the cookie token information can only be used once. This is very similar to how OpenID works, but I didn't want to learn how to build a complete OpenID server right now since that does a lot more than just transfer an authentication token.
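The single-use, server-verified token described above can be sketched as follows. This is an added example, not Jetendo CMS code: the class and method names are hypothetical, and the expiry time and the binding of a token to one target site are assumptions that go beyond what the post states.

```javascript
// Added example: single-use handoff token store (hypothetical names, not Jetendo code).
const nodeCrypto = require('crypto');

class HandoffTokenStore {
  constructor(ttlMs = 30000, now = () => Date.now()) {
    this.ttlMs = ttlMs;        // assumption: short lifetime; the post only states single use
    this.now = now;            // injectable clock so expiry can be exercised in tests
    this.pending = new Map();  // sha256(token) -> { userId, targetSite, expires }
  }

  // Only a digest is kept, so a leaked copy of the store reveals no usable tokens.
  static digest(token) {
    return nodeCrypto.createHash('sha256').update(String(token)).digest('hex');
  }

  // Runs on the global domain after its login cookie has been verified server-side.
  issue(userId, targetSite) {
    const token = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.set(HandoffTokenStore.digest(token), {
      userId,
      targetSite,
      expires: this.now() + this.ttlMs,
    });
    return token; // given to the browser, which forwards it to targetSite
  }

  // Runs on the server of the site being logged into. Returns a userId or null.
  redeem(token, requestingSite) {
    const key = HandoffTokenStore.digest(token);
    const entry = this.pending.get(key);
    if (!entry) return null;                 // unknown or already used
    this.pending.delete(key);                // delete before any other check: one attempt only
    if (this.now() > entry.expires) return null;
    if (entry.targetSite !== requestingSite) return null;
    return entry.userId;
  }
}

// Constructed walk-through: the first redemption succeeds, a replay of the same token fails.
function demo() {
  const store = new HandoffTokenStore();
  const token = store.issue('user-42', 'site-b.example');
  return [store.redeem(token, 'site-b.example'), store.redeem(token, 'site-b.example')];
}
```

Because the record is deleted before the expiry and site checks, a token presented to the wrong site or after it has expired is also consumed and cannot be retried.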

Jetendo CMS will be released as an open source project sometime soon.  Check out for the latest information.

