Hello, how can I synchronize sessionID over multiple second-domain servers? For example, I've got servers (you can log in to the server swarm at any of these), www.service1.com, www.service2.com, www.service3.com, and if you log in at one of them, the login information (+ anything else) should persist across them. How can I provide the SessionID to other domains? (The session itself is stored on an SQL server shared across the services.)

+1  A: 

Don't you mean across domains?

This is not possible due to security features in browsers. Browsers do not allow cookies to be accessed across domains.

Daniel A. White
I do. Sorry, my poor English, corrected :) I know that cookies cannot be shared, but I've seen this behavior somewhere, so there should be some hack to achieve this [edit: by the word 'this' I mean my question]
Yossarian
+1  A: 

Cross-domain logins are possible, but very tricky, and prone to issues.

Generally a scheme to do this will involve a third server that acts as a centralized auth server. Login requests on individual sites will route through the auth server and the auth server will pass back a secure token to use as a session id.

I've seen this session id passed back to the server via URL redirects, and also through back-end server communication.

My personal advice would be to use the auth server as a web service of some sort, and maintain the individual sites' logins separately. The workflow would be roughly:

  1. Sign in on a given site
  2. The site would send a behind-the-scenes request to the auth server asking for authentication and information
  3. The auth server would respond appropriately
  4. The site would log in on success, and show an error message on failure.

It is possible to use some fancy redirects and some forms of trust to implement an auto-login system, but honestly such things are rarely if ever worth it. The above suggestion would end up with them having to log in on each individual site, but they'd share the same credentials and profile on every site.

Bryan McLemore
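
The four-step workflow from the answer above, sketched as an added example (not code from the original post or its author). Assumptions: the function and class names, PBKDF2 password hashing, a per-site HMAC key shared with the auth server, and an in-process call standing in for the HTTPS request between a site and the auth server.

```python
import hashlib, hmac, json, secrets, time

# Constructed demo data. In production each site holds only its own key and the
# auth server call below is an HTTPS request, not an in-process function call.
SITE_KEYS = {h: secrets.token_bytes(32) for h in ("www.service1.com", "www.service2.com")}
SALT = secrets.token_bytes(16)  # one salt for brevity; use a per-user salt in practice

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _pw_hash("correct horse")}  # constructed account

def auth_server_verify(site, username, password, now=None):
    """Steps 2-3: the auth server checks credentials and returns a signed reply."""
    key = SITE_KEYS.get(site)
    stored = USERS.get(username, b"\0" * 32)  # dummy value: unknown users are hashed too
    if key is None or not hmac.compare_digest(_pw_hash(password), stored):
        return None
    claims = {"sub": username, "aud": site, "exp": int(now or time.time()) + 60}
    body = json.dumps(claims).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

class Site:
    def __init__(self, host):
        self.host, self.sessions = host, {}  # each site keeps its own sessions

    def login(self, username, password, now=None):
        """Steps 1 and 4: forward the credentials, then log in locally or fail."""
        reply = auth_server_verify(self.host, username, password, now)
        return self.accept(*reply, now=now) if reply else None

    def accept(self, body, tag, now=None):
        """Create a local session only for a fresh reply signed for this site."""
        expected = hmac.new(SITE_KEYS[self.host], body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged, altered, or issued to another site
        claims = json.loads(body)
        if claims["aud"] != self.host or claims["exp"] < (now or time.time()):
            return None  # wrong audience or expired
        sid = secrets.token_urlsafe(32)  # unguessable per-site session id
        self.sessions[sid] = claims["sub"]
        return sid
```

Because the reply is bound to one site and expires after 60 seconds, a reply captured for www.service1.com cannot be replayed to open a session on www.service2.com.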