From owner-freebsd-chat@FreeBSD.ORG Tue Jan 25 19:45:18 2005 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B0E9216A4D0 for ; Tue, 25 Jan 2005 19:45:18 +0000 (GMT) Received: from seven.Alameda.net (seven.alameda.net [64.81.53.71]) by mx1.FreeBSD.org (Postfix) with ESMTP id 658DF43D55 for ; Tue, 25 Jan 2005 19:45:18 +0000 (GMT) (envelope-from ulf@Alameda.net) Received: by seven.Alameda.net (Postfix, from userid 1000) id 673F43A203; Tue, 25 Jan 2005 11:43:53 -0800 (PST) Date: Tue, 25 Jan 2005 11:43:53 -0800 From: Ulf Zimmermann To: Dan Langille Message-ID: <20050125194352.GK99125@seven.alameda.net> References: <41F65A6A.23011.281B9A2A@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <41F65A6A.23011.281B9A2A@localhost> Organization: Alameda Networks, Inc. X-Operating-System: FreeBSD 4.10-RELEASE-p2 User-Agent: Mutt/1.5.6i cc: freebsd-chat@freebsd.org Subject: Re: authenticating users between websites X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ulf@Alameda.net List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 19:45:18 -0000 On Tue, Jan 25, 2005 at 02:40:42PM -0500, Dan Langille wrote: > I'm getting this request often and I'm not sure how to solve it. A > client will have two websites and wants users to be able to browse > freely between the websites after having logged into the primary > website. > > For example, I browse to a.example.org, log in, and continue > browsing. Then I browse over to b.example.org.... How can I be > automagically be authenticated on that other website? > > cheers > -- > Dan Langille : http://www.langille.org/ > BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ If both sites are part of the same, you can set a cookie based on the domain. That is how sites usual do it. If you are concerned about someone modifying the cookie local on the client side, keep also some information about the cookie in a database which can be accessed by both sites. -- Regards, Ulf. --------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 You can find my resume at: http://seven.Alameda.net/~ulf/resume.html