[nycphp-talk] Single Signon Multiple Domains
Joseph Crawford
codebowl at gmail.com
Mon Mar 26 23:12:35 EDT 2007
I am guessing this talk of a central server is a central domain like
erenetwork.com
which would hold all the session data in the database. Whenever someone
accesse say domainA.com it would redirect to erenetwork.com, get the session
data then redirect to domainA. with the session id in the header or
something is that correct?
On 3/26/07, Michael B Allen <mba2000 at ioplex.com> wrote:
>
> On Mon, 26 Mar 2007 22:03:07 -0400
> "Joseph Crawford" <codebowl at gmail.com> wrote:
>
> > Mike,
> >
> > If i cam correct you cannot use cookies in this manner because
> > domainB.comcould not read a cookie set by
> > domainA.com
>
> Right but I'm not suggesting that you put a logon session key in the
> cookie, just something to represent their identity. So the first time
> someone visited a site they would have to login regardless. But that's
> only the first time. Once the cookie saved their identity (which is
> fixed in time) the server would know who who the client is and could
> consult the "central server" to retrieve the user's session state.
>
> Mike
>
> --
> Michael B Allen
> PHP Active Directory Kerberos SSO
> http://www.ioplex.com/
>
--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070326/4b6119c9/attachment.html>
More information about the talk
mailing list