authenticating users between websites

Danny MacMillan flowers at users.sourceforge.net
Sat Feb 5 09:59:32 PST 2005


On Tue, Feb 01, 2005 at 10:27:28AM -0500, Dan Langille wrote:
> On 25 Jan 2005 at 11:43, Ulf Zimmermann wrote:
> > On Tue, Jan 25, 2005 at 02:40:42PM -0500, Dan Langille wrote:
> > > I'm getting this request often and I'm not sure how to solve it.  A
> > > client will have two websites and wants users to be able to browse
> > > freely between the websites after having logged into the primary
> > > website.
> > > 
> > > For example, I browse to a.example.org, log in, and continue 
> > > browsing.  Then I browse over to b.example.org.... How can I be
> > > automagically be authenticated on that other website?
> > > 
> > > cheers
> > 
> > If both sites are part of the same, you can set a cookie based on the
> > domain. That is how sites usual do it. If you are concerned about
> > someone modifying the cookie local on the client side, keep also some
> > information about the cookie in a database which can be accessed by
> > both sites.
> 
> Unfortunately, I've just been informed: the two websites won't even 
> be in the same domain.  This complicates matters.  :)

There are Single Sign-On solutions like SiteMinder and WebSeal.  There
are probably open source solutions, too.

-- 
Danny


More information about the freebsd-chat mailing list