hi,
i've read alot of questions here regarding SSO and openid. it helped me alot in understanding SSO & Openid concept.
just have a little confusion, i'll try to explain below:
- user visits www.websiteA.com
- user logins with Openid and if success then he's logged in. a cookie is created and sessionid stored in shared users db.
- user visits www.websiteB.com ...... now here is the confusion. does user needs to login again or what... what i've in mind is we would read cookie (stored on user system) to get openid and check status of user against that openid in shared db. is this approach correct ...?
i know thats a basic SSO issue.