Hi Greg, If they have the same application name, CF will treat it as the same app. The problem is that CF thinks it's a different session, because browsers use different cookies for different domains - you are using servera.org and serverb.org, so user1 may be logged onto servera.org with cookie x, then you are directed to serverb.org and are logged out with cookie y. If you are logged onto both domains then cookie x and y are both logged in; remember that CF keeps track of sessions via cookies. If you have different cookies, it's like going onto the same server with different browsers.
You can implement something like OpenID but you will still need to log-in when switching servers, but you can use the same credentials. The way I would do it, I would pass a use-once/short-expiration token when switching between domains that the receiving domain needs to authenticate against the domain that I am coming from. This authentication should be server side, like via CFHTTP or checking the DB. - Rex ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347736 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
