Aaron Johnson wrote:
>
> I am trying to implement a method of allowing access to three separate
> servers on three separate domains.
>
> The goal is to only have to login once and having free movement across
> the three protected access domains.
>
> A cookie can't work due to the limit of a sin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>Aaron Johnson wrote:
>>
>> I am trying to implement a method of allowing access to three separate
>> servers on three separate domains.
>>
>> The goal is to only have to login once and having free movement across
>> the three protected access dom
>
> I don't think there's any pretty way to do it. The only thing I can
> think of off-hand is to generate the cross-server links dynamically,
> including an encrypted token in the URL which will notify that server
> that it should set a cookie saying that the user has already logged
> in.
I thought you could set a cookie for a different domain - you just can't
read a different domain's cookie. So you could simply set 3 cookies when
the user authenticates.
Now I'm curious, I'll need to try that.
--
Joe Pearson
Database Management Services, Inc.
208-384-1311 ext. 11
http://www
Joe Pearson ([EMAIL PROTECTED]) said something to this effect:
> I thought you could set a cookie for a different domain - you just can't
> read a different domain's cookie. So you could simply set 3 cookies when
> the user authenticates.
You sure can -- otherwise Navigator wouldn't have the "On
r 08, 2000 10:24 AM
>To: Joe Pearson
>Cc: [EMAIL PROTECTED]
>Subject: Re: [OT?] Cross domain cookie/ticket access
>
>
>Joe Pearson ([EMAIL PROTECTED]) said something to this effect:
>> I thought you could set a cookie for a different domain -
>you just can't
>> r
At 11:37 PM 9/7/00 -0600, Joe Pearson wrote:
>I thought you could set a cookie for a different domain - you just can't
>read a different domain's cookie. So you could simply set 3 cookies when
>the user authenticates.
I don't think you can set a cookie for a completely different domain, based
o
Why not do this...
Implement sessions via DBI. All three servers will use the same table in the same
database for setting/getting session data (ie
'authenticated_uid' => 1425).
Pass the session id around in the path or in query string. Make sure your
applications include this data when link
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 10:21 PM -0400 9/7/00, [EMAIL PROTECTED] wrote:
> >
>> I don't think there's any pretty way to do it. The only thing I can
>> think of off-hand is to generate the cross-server links dynamically,
> > including an encrypted token in the URL whic
Well even if I thought it might be possible with a single cookie the user
agents are by
by RFC2109 supposed to not allow it so even if I got something to work there is
no guarantee that it will work in the future, since it will most likely be a
security hole of the user agent.
See RFC2109 section
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 2:23 PM -0400 9/8/00, Aaron Johnson wrote:
>a) the link actually goes to a local page that then pulls the unique code for
>that user and appends it to the
>URL for the domain2.net site and they are sent with the unique code via post.
>domain2.net t
Kee Hinckley <[EMAIL PROTECTED]> writes:
> At 10:21 PM -0400 9/7/00, [EMAIL PROTECTED] wrote:
> > >
> >> I don't think there's any pretty way to do it. The only thing I can
> >> think of off-hand is to generate the cross-server links dynamically,
> > > including an encrypted token in the UR
> and I didn't see any directly relevant listings. They
> apparently hold a patent
> related to embedding session data in the path-info;
>
You HAVE to be kidding me? I have been embedding session data in
URL's for 7 years... and they patented that?! *sigh* I guess it just seemed
to lo
"Peiper,Richard" <[EMAIL PROTECTED]> writes:
> > and I didn't see any directly relevant listings. They
> > apparently hold a patent
> > related to embedding session data in the path-info;
> >
>
> You HAVE to be kidding me? I have been embedding session data in
> URL's for 7 years... and
14 matches
Mail list logo
