Authentication
How Comentario authenticates its users
Since embedded Comentario runs on the page it’s placed upon, it always means a different domain than the server and the Administration UI reside on (they both run on the Base URL).
For example, your Comentario server may run on https://comentario.example.com, but it’s used to display comments on https://blog.example.com/post/12345.
As a consequence, it’s impossible to share authentication data between the two frontends because then refer to different origins.
In practice, it means you have to login separately:
- Into the Administration UI, and
- Into Comentario on every domain it serves.
In either case the authentication is stored in a user session cookie bound to the current domain:
comentario_user_sessionfor the Administration UI.comentario_commenter_sessionfor embedded comments.
However, if you click on the Settings (gear) button on the comments page, and then on Edit Comentario profile, the system will issue a one-off token that will then be used to log you in to the Admin UI directly.