Magento Multiple Website Store – Login

In this tutorial, we will see how to setup common login in a magento multiple website setup.

Problem Case:

The problem we are trying to solve here is, suppose you have multiple magento website setup on different domains on the same magento instance, and you want that if a customer login’s on any one our your site he is gets logged into all other sites as well.


The solution for this is simple, whenever a user logs in on a website ‘A’, a script needs to notify website ‘B’,’C’, etc that user has logged in and then login needs to be performed in ‘B’,’C’, etc as well. This cannot be handled automatically because session is not shared across domains so this feature is not there by default. The solution for this is to use JSONP and perform a cross domain ajax request with the session id so that session gets shared accross domains.
Attached is the source code of the module


First Step: Magento has a default configuration option called Share Customer Accounts located at System -> Configuration -> Customer Configuration -> Account Sharing Options, change this to Global. What this means is that when a customer creates his new account, is shared for all your websites.
Second Step:
Next we need to write code to make the JSONP calls. We are using JSONP, since normal cross domain ajax calls are not allowed. For this we are using JQuery library , details of JSONP can be found here.

So below is the codes:

Step1: Include jQuery in Magento

First download jQuery and then place it inside /js/jquery folder, so path would be /js/jquery/jquery.js. Next create a javascript file called noconflict.js in the jquery folder (/js/jquery/noconflict.js) jQuery Folder Structure. Write this code inside noconflict.js file


Next open that page.xml layout file in your theme folder [app/design/frontend/default/YOUR_THEME/layout/page.xml or in your default magento theme] and place this code inside tag

<reference name="head">
        	<action method="addItem"><type>js</type><name>jquery/jquery-1.6.4.min.js</name></action>
        	<action method="addItem"><type>js</type><name>jquery/noconflict.js</name></action>

Now open home page in your magento, and through firebug or chrome inspector, see if these two jquery files are included in your page.

Step2: Crossdomain ajax call

Next we need to write ajax call. The code for this should be written in header.phtml. You need to rewrite the base header.phtml in your theme [app/design/frontend/default/YOUR_THEME/page/html/header.phtml]
Here’s the added code for header.phtml

$allStores=Mage::app()->getStores(); //get list of all stores,websites
	foreach ($allStores as $_eachStoreId => $val)
		$_storeId = Mage::app()->getStore($_eachStoreId)->getId();
		 $urls= Mage::app()->getStore($_storeId)->getBaseUrl(Mage_Core_Model_Store::URL_TYPE_WEB); //get url using store id
		 $cururl=Mage::getStoreConfig('web/unsecure/base_url'); //get current domain url
		 if ($this->helper('customer')->isLoggedIn()){
		  if(Mage::getSingleton('core/session')->getLogincd()==1){ ?>
			<script type="text/javascript">
			jQuery(document).ready(function() {
			var url="<?php echo $url;?>customer/account/logincd?SID=";
			url = url+'<?php echo Mage::getModel("core/session")->getEncryptedSessionId(); ?>'+"&callback=?";
			var userid=<?php echo Mage::getSingleton('customer/session')->getCustomer()->getId();?>;
			url: url,
			crossDomain: true,
			dataType: 'jsonp',
			success: function(data) {


Here first we are getting all stores, then in a foreach loop we are getting the domain url of each store. Then we are checking if the current domain is not equal to the fetched url. Then we perform the jsonp call which will go to the other domain logincd Action and login the customer on the other domain. For this we are sharing the customer session id i.e. SID with other domains. We get the session id of the logged in customer with the code


We are appending session id in the url and this will be set in other domain and the customer will be logged in.
Now let us see how ‘jsonp’ request is different from normal ajax request.

 url: "",

In this line we we are appending the session id of the customer session of the current domain, and a ‘callback’ parameter which will be generated by jQuery.
It is a unique callback name for this request (something like json1268267816). It will be received at the other domain and it will treat the request as jsonp.

Mage::getSingleton(‘core/session’)->getLogincd() parameter is set so that this jsonp call is done only once and not every time a page is opened.

Step3: Overwrite the AccountController.php of Mage/Customer/controllers/

Next we need to overwrite AccountController.php file in our module [app/code/local/YOUR_NAMESPACE/MODULE_NAME/controllers/AccountController.php]. The AccountController.php file will have an action ‘logincd’ which will receive the ajax call and then do all the work required to make customer login in the domain. Here’s the code for AccountController.php

require_once 'Mage/Customer/controllers/AccountController.php';
class Excellence_Logincd_AccountController extends Mage_Customer_AccountController
    public function logincdAction()
	$this->getResponse()->setHeader('Content-Type', 'application/json; charset=utf-8');
       	$data = array('success'=>1);
    	echo $_GET['callback'] . '('.json_encode($data).')';

This line designates the content to be in json format, encoded in the UTF-8 character encoding.

this->getResponse()->setHeader('Content-Type', 'application/json; charset=utf-8');

And then the success message has been set and sent back to the calling function.

echo $_GET['callback'] . '('.json_encode($data).')';

this will send back the response to the requesting ajax call as jsonp.

This is all that is required to make cross domain login work. The cross domain logout will work automatically in the current case.