On Wed, 16 Jan 2002, Mark Maunder wrote: > The only way I could come up with, was to have the browser redirected > to every domain name with an encrypted uri variable to prove it is > signed on which causes each host included in the single sign on to > assign an auth cookie to the browser.
Instead of redirecting the entire page you could just include images (the typical 1x1 pixel) from each server on the "You've been logged on" page and have each of them set a cookie for that domain name. For this to work with modern browsers (i.e. IE6 and properly configured mozillas) you'll need to include a compact policy in your P3P header[1], otherwise the browser will consider this an unauthorised attempt to serve a "third party image" and block the cookie. Later. Mark. [1] See http://www.w3c.org/p3p/, http://2shortplanks.com/temp/P3P-ToCP-0.02.tar.gz for more information -- s'' Mark Fowler London.pm Bath.pm http://www.twoshortplanks.com/ [EMAIL PROTECTED] ';use Term'Cap;$t=Tgetent Term'Cap{};print$t->Tputs(cl);for$w(split/ +/ ){for(0..30){$|=print$t->Tgoto(cm,$_,$y)." $w";select$k,$k,$k,.03}$y+=2}
