I thought you could set a cookie for a different domain - you just can't
read a different domain's cookie. So you could simply set 3 cookies when
the user authenticates.
Now I'm curious, I'll need to try that.
--
Joe Pearson
Database Management Services, Inc.
208-384-1311 ext. 11
Joe Pearson ([EMAIL PROTECTED]) said something to this effect:
I thought you could set a cookie for a different domain - you just can't
read a different domain's cookie. So you could simply set 3 cookies when
the user authenticates.
You sure can -- otherwise Navigator wouldn't have the "Only
To: Joe Pearson
Cc: [EMAIL PROTECTED]
Subject: Re: [OT?] Cross domain cookie/ticket access
Joe Pearson ([EMAIL PROTECTED]) said something to this effect:
I thought you could set a cookie for a different domain -
you just can't
read a different domain's cookie. So you could simply set 3
cookies
At 11:37 PM 9/7/00 -0600, Joe Pearson wrote:
I thought you could set a cookie for a different domain - you just can't
read a different domain's cookie. So you could simply set 3 cookies when
the user authenticates.
I don't think you can set a cookie for a completely different domain, based
on
Why not do this...
Implement sessions via DBI. All three servers will use the same table in the same
database for setting/getting session data (ie
'authenticated_uid' = 1425).
Pass the session id around in the path or in query string. Make sure your
applications include this data when
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 10:21 PM -0400 9/7/00, [EMAIL PROTECTED] wrote:
I don't think there's any pretty way to do it. The only thing I can
think of off-hand is to generate the cross-server links dynamically,
including an encrypted token in the URL which will
Well even if I thought it might be possible with a single cookie the user
agents are by
by RFC2109 supposed to not allow it so even if I got something to work there is
no guarantee that it will work in the future, since it will most likely be a
security hole of the user agent.
See RFC2109 section
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 2:23 PM -0400 9/8/00, Aaron Johnson wrote:
a) the link actually goes to a local page that then pulls the unique code for
that user and appends it to the
URL for the domain2.net site and they are sent with the unique code via post.
domain2.net then
Kee Hinckley [EMAIL PROTECTED] writes:
At 10:21 PM -0400 9/7/00, [EMAIL PROTECTED] wrote:
I don't think there's any pretty way to do it. The only thing I can
think of off-hand is to generate the cross-server links dynamically,
including an encrypted token in the URL which will
Aaron Johnson wrote:
I am trying to implement a method of allowing access to three separate
servers on three separate domains.
The goal is to only have to login once and having free movement across
the three protected access domains.
A cookie can't work due to the limit of a single
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aaron Johnson wrote:
I am trying to implement a method of allowing access to three separate
servers on three separate domains.
The goal is to only have to login once and having free movement across
the three protected access domains.
A
I don't think there's any pretty way to do it. The only thing I can
think of off-hand is to generate the cross-server links dynamically,
including an encrypted token in the URL which will notify that server
that it should set a cookie saying that the user has already logged
in. The
12 matches
Mail list logo