I am trying to implement a method of allowing access to three separate
servers on three separate domains.
The goal is to only have to login once and having free movement across
the three protected access domains.
A cookie can't work due to the limit of a single domain.
Has anyone out there had to handle this situation?
I have thought about several different alternatives, but they just get
uglier and uglier.
One thought was that they could go to a central server and login. At
the time of login they would be redirected to a special page on each of
the other two servers with any required login information. These pages
would in turn return them to the login machine. At the end of the login
process they would be redirected to the web site they original wanted.
This is a rough summary of what might happen -
domain1.net - user requests a page in a protected directory. They
don't have a cookie.
They are redirected to the cookie server. This server asks for the user
name and pass and authenticates the user. Once authenticated the cookie
server redirects the client to each of the other (the ones not matching
the originally requested domain) domains. This redirect is a page that
hands the client a cookie and sets up the session information.
domain2.net gets the request and redirects the user to a page that will
return them to the cookie machine which will add the domain2.net to the
list of domains in the cookie. And then the process will repeat for each
domain that needs to be processed.
Am I crazy? Did I miss something in the documentation for the current
Session/Auth/Cookie modules?
I did some hacking of the Ticket(Access|Tool|Master) Example in the
Eagle book, but the cookie limit is keeping it from working correctly.
( BTW: I already use it for a single server login and it works great. )
Any information would be appreciated.
Aaron Johnson
