Kee Hinckley <[EMAIL PROTECTED]> writes:
> At 10:21 PM -0400 9/7/00, [EMAIL PROTECTED] wrote:
> > >
> >> I don't think there's any pretty way to do it. The only thing I can
> >> think of off-hand is to generate the cross-server links dynamically,
> > > including an encrypted token in the URL which will notify that server
>
>
> >If you ever implement something like this, just be sure you
> >patent it before Amazon does ;>
>
> Actually, I have a strong suspicion that this may be covered by the
> OpenMarket patents. I know their authentication software worked
> cross-domain, and I know their ordering software worked with
> encrypted URL tokens.
>
That's what I was afraid of.
However, I searched the Open Market patents at http://patents.ibm.com;
and I didn't see any directly relevant listings. They apparently hold a patent
related to embedding session data in the path-info; your particular
problem appears cookie-related.
My recommendation for using cookies is to do what banner advertisers do.
I would embed a dummy link (image, stylesheet, javascript) in the ticket
authentication's confirmation page ("Congratulations, you've successfully
logged in... redirecting to ...").
Say you use blank images. Put one in for each domain, and put the
authentication token in the url or query args. When the browser
fetches the dummy link FROM EACH DOMAIN, presumably the code you
run for that url will return a set-cookie header
for that domain. It's like doing the 'round-robin' thing all at once.
The end user shouldn't notice any difference.
Also, I'm pretty sure the netscape setting for 'accepting cookies from other
domains' only applies to this kind of usage. Domain x should NEVER be able
to set a cookie in domain y. Period. Advertisers deliver banners from domains
other that the one you requested in the browser's url. Disabling this feature
within netscape prevents those images from setting cookies
(in thier OWN domain,of course). This would conceivably break thi
implementation above, in which case you can use dummy frames instead!
Best of luck.
--
Joe Schaefer
[EMAIL PROTECTED]
SunStar Systems, Inc.
