authenticating users between websites
Danny MacMillan
flowers at users.sourceforge.net
Sat Feb 5 09:59:32 PST 2005
On Tue, Feb 01, 2005 at 10:27:28AM -0500, Dan Langille wrote:
> On 25 Jan 2005 at 11:43, Ulf Zimmermann wrote:
> > On Tue, Jan 25, 2005 at 02:40:42PM -0500, Dan Langille wrote:
> > > I'm getting this request often and I'm not sure how to solve it. A
> > > client will have two websites and wants users to be able to browse
> > > freely between the websites after having logged into the primary
> > > website.
> > >
> > > For example, I browse to a.example.org, log in, and continue
> > > browsing. Then I browse over to b.example.org.... How can I be
> > > automagically be authenticated on that other website?
> > >
> > > cheers
> >
> > If both sites are part of the same, you can set a cookie based on the
> > domain. That is how sites usual do it. If you are concerned about
> > someone modifying the cookie local on the client side, keep also some
> > information about the cookie in a database which can be accessed by
> > both sites.
>
> Unfortunately, I've just been informed: the two websites won't even
> be in the same domain. This complicates matters. :)
There are Single Sign-On solutions like SiteMinder and WebSeal. There
are probably open source solutions, too.
--
Danny
More information about the freebsd-chat
mailing list