-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>Aaron Johnson wrote:
>>
>> I am trying to implement a method of allowing access to three separate
>> servers on three separate domains.
>>
>> The goal is to only have to login once and having free movement across
>> the three protected access domains.
>>
>> A cookie can't work due to the limit of a single domain.
>>
> > Has anyone out there had to handle this situation?
I don't think there's any pretty way to do it. The only thing I can
think of off-hand is to generate the cross-server links dynamically,
including an encrypted token in the URL which will notify that server
that it should set a cookie saying that the user has already logged
in. The good news is that you only need to do that once for each
domain that it is visited. The bad news is that it doesn't work if
the user comes to that domain via some mechanism that doesn't include
the token--then they'll have to login the first time to regain their
session identifier.
- --
Kee Hinckley - Somewhere.Com, LLC - Cyberspace Architects
[Coming this week solar-powered from the Florida beaches]
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBObfCzCZsPfdw+r2CEQKypgCfc6iDirFQMl3YL10UUJPx7fa+/u4An1a5
tF4LFML6QP7cb3VeI/iqD+MI
=vjy/
-----END PGP SIGNATURE-----
