Multi-domain cookies

Ueland

Hi,

I am working on a prodject where we are supposted to let our system communicate over several domains, so if you are logged in on site a, you are also logged in @ site b,c, d etc.

How can this be solwed easy, i have tried several ways no without any luck.:rolleyes:

AstroTeg

Cookies, by definition, are only accessible by the domain that created them. So if you create a cookie in domain A, then domain B, C, and D can not access domain A's cookies. This just means you have to get a little creative.

I'm thinking you may have to create some behind the scenes code to sync up the user information across all the domains (so user signs up or logins and once that happens, code runs to update the other domains). I'm not a big fan of this idea, but its an idea. Maybe if one domain was setup to be the only one to handle authentication, then this would work a lot better.

Another thought is do something with frames or iframes and embedded cookie creating pages for the various domains. This could impact your web design and half of the browsers do not support iframes.

These are just ideas...

Ueland

Iframes with a with and height of 0 is possible, i am just not shure how we are to get data from it, etc.

We do also have the possibilty to use a "seperate" domain that works with the login etc, but i have tried that do without any luck yet.

If you got any "conkrete" tips, then i am going to test it asap 😉

AstroTeg

To get the data over, you'd have to pass it along in the URL string. So you might end up with:

http://domainB.com/cookiescript.php?login=Fred&pass=Fredpass

Having one server to do authentication requires a little more work, BUT:

users log in to one place only
cookies stay local
if code breaks, you update in 1 place
don't have to worry about syncing problems like if user changes info in domain A, how does B, C, and D get updated (and what if C is off line - how do you update it then?)
don't have to worry about connection issues - what if the user cancels loading a page that was supposed to update the other X domains?

With a little bit of work and planning, you could probably get the log in to be streamlined. But I don't know what your circumstances are so this approach may or may not work for you. Otherwise, the 0 frame option should work fine (just be careful with the syncing and test it out or you might end up with unhappy users).

Ueland

Thanks for the tip! 🙂

Our login pages are only working with a session id == userid, so that`s not the worst information to send around 😉

One user table, and a sessions table, on one db @ one server.

Ueland

It worked 😉

in my login i put a header redirect to a new page with the session id, and that page made a new cookie, going to next page etc..