Hi Guys,

I am proposing a design for my company for integrating 4 systems together and putting them on the web. All 4 systems are independent of each other, but I am trying to integrate them to have more automation. One of the systems is as follows: I want to link my company's website (www.xyz.com) to another website (www.abc.com) with the same login session. Consider it this way:

  1. Person X logs on to www.xyz.com
  2. Person X fills a request form on www.xyz.com
  3. When he clicks submit request, this request should be forwarded to www.abc.com with the same login session without person X knowing that he has been redirected to another website. Also, I want to retrieve the data on www.abc.com using the same session on www.xyz.com and send a download link to Person X to download the data that was generated on www.abc.com

How is this possible? I do not need the coding details. I need someone to help me with the implementation details. Thanks

Regards, Kunal

+1  A: 

The only way to accomplish cross-domain sessions is to use a unique identifier associated with each user's account. The concept here is to generate a hash that is unique to that user's account and pass it via the URL to the destination. The new site will then auto log in the user based on this hash. Once they're logged in, a new one is generated and replaces the old one.

On the user side, this will "carry" the login over multiple sites. If you actually need to carry data over then you'll need to store it in a database.

Other layers of security for the auto login can include browser-agent checks as well as IP checks. If any of this information changes, it's a different computer and you shouldn't log them in.

I used this method on SC-Source.com to carry a login between the various sites.

Webnet
Thanks for the reply. I agree with what you say. Let me simplify the scenario in detail: The person will log in and fill in a request form on xyz.com; this request is sent to abc.com and, depending on the request, abc.com will generate a data file (flat file) on abc.com's server itself. On creation of this file, the user will get a download link in an email from abc.com to download the file multiple times. All this is done using a single session on www.xyz.com, with that session taken to www.abc.com! How does this work now? We have a database on both sides to store and process the request. Thanks
Kunal
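The handoff Webnet's answer describes, as an added example (not code from the thread or from either site): a random single-use token tied to the user's account, bound to the user agent and IP, and consumed on first use. The `HandoffStore` class, the in-memory dict standing in for a database both sites can reach, and the 60-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 60  # assumption: the token only has to survive one redirect

def _digest(value: str) -> str:
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

class HandoffStore:
    """Hypothetical stand-in for a table that both sites can read and write."""

    def __init__(self):
        # sha256(token) -> (user_id, client fingerprint, expiry time)
        self._rows = {}

    def issue(self, user_id, user_agent, ip, now=None):
        """xyz.com side: mint a token for a logged-in user before redirecting."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random, so not guessable from the account
        # Only the digest is stored, so a leaked table does not yield usable tokens.
        self._rows[_digest(token)] = (user_id, _digest(f"{user_agent}|{ip}"),
                                      now + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token, user_agent, ip, now=None):
        """abc.com side: return the user id, or None if the token must be refused."""
        now = time.time() if now is None else now
        # pop() consumes the token on any attempt, so a URL copied from a log
        # or Referer header cannot be replayed after the first use.
        row = self._rows.pop(_digest(token), None)
        if row is None:
            return None
        user_id, fingerprint, expires_at = row
        if now > expires_at:
            return None
        # Different browser or address than at issue time: do not log in.
        if not hmac.compare_digest(fingerprint, _digest(f"{user_agent}|{ip}")):
            return None
        return user_id

if __name__ == "__main__":
    store = HandoffStore()
    # Constructed sample values (documentation IP range, made-up user agent).
    t = store.issue("user-42", "ExampleBrowser/1.0", "203.0.113.7")
    print(store.redeem(t, "ExampleBrowser/1.0", "203.0.113.7"))
    print(store.redeem(t, "ExampleBrowser/1.0", "203.0.113.7"))
```

Each hop between the sites needs a freshly issued token, which corresponds to the step in the answer where a new one replaces the old one.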
A: 

One thought I have, perhaps not the best way, is to have a shared iframe, beacon, etc. So both xyz.com and abc.com would have a pair of iframes or beacon images whose URL contains a session key:

<iframe src="http://www.abc.com/beacon?id=3a9c82904dd23f4" height="1" width="1" frameborder="0" border="0"></iframe>
<iframe src="http://www.xyz.com/beacon?id=3a9c82904dd23f4" height="1" width="1" frameborder="0" border="0"></iframe>
JonathanHayward
Thanks for the reply, John. I am not really sure if this can work! This looks more like internally passing the dynamically generated session ID to the other website! I don't know if it works!
Kunal
You're welcome. It might work if your two systems are talking. Your systems have to be sharing at least some information for your request to work. If that can include session IDs, this may work, and you are right that what's going on is sharing session IDs. Whether this is the best approach is another question; it might not be. Consider Webnet's answer, mine, and any others, and see which one makes the most sense for your systems.
JonathanHayward