From owner-freebsd-chat@FreeBSD.ORG  Tue Feb  1 15:29:33 2005
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Delivered-To: freebsd-chat@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0940E16A4D3
	for <freebsd-chat@freebsd.org>; Tue,  1 Feb 2005 15:29:33 +0000 (GMT)
Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C28B643D2D
	for <freebsd-chat@freebsd.org>; Tue,  1 Feb 2005 15:29:32 +0000 (GMT)
	(envelope-from dan@langille.org)
Received: from wocker (wocker.unixathome.org [192.168.0.99])
	by bast.unixathome.org (Postfix) with ESMTP id 1F7E73D37;
	Tue,  1 Feb 2005 10:29:31 -0500 (EST)
From: "Dan Langille" <dan@langille.org>
To: Ulf Zimmermann <ulf@Alameda.net>
Date: Tue, 01 Feb 2005 10:27:28 -0500
MIME-Version: 1.0
Message-ID: <41FF5990.14802.4B422A7D@localhost>
Priority: normal
In-reply-to: <20050125194352.GK99125@seven.alameda.net>
References: <41F65A6A.23011.281B9A2A@localhost>
X-mailer: Pegasus Mail for Windows (4.21c)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
cc: freebsd-chat@freebsd.org
Subject: Re: authenticating users between websites
X-BeenThere: freebsd-chat@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Non technical items related to the community
	<freebsd-chat.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chat>
List-Post: <mailto:freebsd-chat@freebsd.org>
List-Help: <mailto:freebsd-chat-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2005 15:29:33 -0000

On 25 Jan 2005 at 11:43, Ulf Zimmermann wrote:

> On Tue, Jan 25, 2005 at 02:40:42PM -0500, Dan Langille wrote:
> > I'm getting this request often and I'm not sure how to solve it.  A
> > client will have two websites and wants users to be able to browse
> > freely between the websites after having logged into the primary
> > website.
> > 
> > For example, I browse to a.example.org, log in, and continue 
> > browsing.  Then I browse over to b.example.org.... How can I be
> > automagically be authenticated on that other website?
> > 
> > cheers
> > -- 
> > Dan Langille : http://www.langille.org/
> > BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
> 
> If both sites are part of the same, you can set a cookie based on the
> domain. That is how sites usual do it. If you are concerned about
> someone modifying the cookie local on the client side, keep also some
> information about the cookie in a database which can be accessed by
> both sites.

Unfortunately, I've just been informed: the two websites won't even 
be in the same domain.  This complicates matters.  :)
-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/