I am trying to set up a secure auto-login system for one of our products. The 
need goes like this... A potential partner has a product with many clients that 
need a product like one we offer. The partner would like to be able to link to 
specific pages in our product from their own app. Each user would have their 
own account with us and need to be logged in automatically to our system by 
the 3rd party app if they are not already. We also need to account for the user 
logging out of our app at any time. I would also like the credentials to be 
encrypted through https/ssl.

I have come up with a process that would require the 3rd party app to send 
credentials through a server-side connection. The process goes like this:

  1) 3rd party app sends user to page in our app, and all is well if already 
     logged in
  2) if not already logged in, we send user to an auto-login page at 3rd party 
     app
  3) 3rd party app submits credentials on the server-side to our app through 
     secure connection
  4) if credentials accepted, our app returns a one time use login key
  5) 3rd party app sends user to our app again with login key and they are 
     logged in automatically and continue to desired page

This will work but is there a simpler way? I do not have much experience 
with https but I'm under the impression that an https page at one domain cannot 
securely send data to an https page at another domain. Is that correct or am I 
wrong about that? If this were allowed then this could be solved by submitting 
the data in a hidden form.

Thoughts? 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:296145
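Steps 4 and 5 of the process above, as an added example that is not part of the original post: a Python sketch of the one-time login key handling on the receiving app. The class and function names, the 60-second lifetime and the sample user and path are assumptions for illustration; each key is random, stored only as a hash, short-lived, usable once, and tied to the landing path so the redirect target cannot be swapped.

```python
import hashlib
import secrets
import time

KEY_TTL_SECONDS = 60  # assumed lifetime: long enough for one browser redirect


class LoginKeyStore:
    """Issues and redeems one-time login keys (steps 4 and 5 of the post)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # sha256(key) -> (user_id, path, expires_at)

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, user_id, path):
        """Step 4: call only after the server-side credential check passed."""
        # Accept only a local path so the key cannot carry an off-site redirect.
        if not path.startswith("/") or path.startswith("//") or "\\" in path:
            raise ValueError("path must be a path on this site")
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + KEY_TTL_SECONDS
        # Keep only the hash, so a leaked store does not expose usable keys.
        self._pending[self._digest(key)] = (user_id, path, expires_at)
        return key

    def redeem(self, key):
        """Step 5: return (user_id, path), or None if the key is not valid."""
        # pop() removes the entry on first use, so a replayed key finds nothing.
        entry = self._pending.pop(self._digest(key), None)
        if entry is None or self._clock() > entry[2]:
            return None
        return entry[0], entry[1]


def demo():
    """Constructed walk-through: first use, replay, and an expired key."""
    now = [1000.0]
    store = LoginKeyStore(clock=lambda: now[0])
    key = store.issue("user-42", "/reports/7")   # constructed sample values
    first = store.redeem(key)                    # browser arrives with the key
    replay = store.redeem(key)                   # same URL used a second time
    stale = store.issue("user-42", "/reports/7")
    now[0] += KEY_TTL_SECONDS + 1                # let the second key expire
    expired = store.redeem(stale)
    return first, replay, expired
```

The in-memory dict assumes a single application process; with several servers the pending keys need a shared store whose lookup-and-delete is atomic, so that one key cannot be redeemed twice.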