What it means to use Bakery

Last updated on 18 May 2025

Bakery is not a perfect SSO system, so it's important to understand how Bakery works and what it means to use it.

Bakery is built on the ability for cookies to be read by all sites within a domain when a cookie's domain is set with a leading period. The PHP documentation on setcookie says this about cookie domains:

"To make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'."

During authentication for an account, Bakery issues a cookie with shared domain access. This cookie is known internally as CHOCOLATECHIP and is used to authenticate the user on slave sites.
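The cookie scoping described above, as an added example that is not Bakery's own code: it applies the RFC 6265 domain-matching rule to show which hosts a browser sends a cookie to when its domain is '.example.com', next to a host-only cookie with no domain set. The function name and the host names are assumptions made for illustration, and only the sending decision is modelled.

```php
<?php
// Added example, not Bakery code: RFC 6265 domain matching, used to list
// which hosts a browser sends a cookie to. Host names below are constructed.

/**
 * Decide whether a browser sends a cookie to $request_host.
 *
 * @param string $request_host  Host of the outgoing request.
 * @param string $setting_host  Host that set the cookie.
 * @param string $domain_attr   Domain attribute, or '' for a host-only cookie.
 */
function cookie_is_sent(string $request_host, string $setting_host, string $domain_attr): bool {
  $request_host = strtolower(rtrim($request_host, '.'));
  // RFC 6265 5.2.3: a leading dot in the Domain attribute is ignored.
  $domain = strtolower(ltrim($domain_attr, '.'));

  if ($domain === '') {
    // No Domain attribute: host-only cookie, exact match on the setting host.
    return $request_host === strtolower(rtrim($setting_host, '.'));
  }
  if ($request_host === $domain) {
    return true;
  }
  // Suffix matching never applies to IP addresses.
  if (filter_var($request_host, FILTER_VALIDATE_IP) !== false) {
    return false;
  }
  // The match must fall on a label boundary: ".example.com", not "example.com".
  $suffix = '.' . $domain;
  return substr($request_host, -strlen($suffix)) === $suffix;
}

$hosts = ['example.com', 'www.example.com', 'shop.eu.example.com',
          'badexample.com', 'example.com.test', '192.0.2.10'];

printf("%-22s %-14s %s\n", 'request host', '.example.com', 'host-only');
foreach ($hosts as $host) {
  printf("%-22s %-14s %s\n", $host,
    cookie_is_sent($host, 'www.example.com', '.example.com') ? 'sent' : '-',
    cookie_is_sent($host, 'www.example.com', '') ? 'sent' : '-');
}
```

Every host marked as sent in the '.example.com' column receives the cookie, whether or not it runs Bakery.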

Shared account properties

For SSO to work, some amount of user account details must be the same. Bakery synchronizes on account name, email address, and a URL to the master account edit page. The Drupal user object properties are:

$user->name; // 'username'
$user->mail; // 'account@example.org'
$user->init; // 'http://example.org/user/929/edit'

Bakery does not synchronize account ID (UID). It was a purposeful decision to not require shared internal numeric identifiers for accounts.

Accounts are synchronized and explicitly shared on username, email, and a URL only. There is optional support for most other account properties and profile values.

Caveat emptor

Account UIDs will differ between sites.

Most user properties and all profile fields can be synchronized on Drupal 6 Bakery sites, but there is no other supported data synchronization.

Bakery may not be compatible with other modules.

Bakery is hard to debug unless you're comfortable writing Drupal code and can monitor HTTP requests.
