Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Tom Fulton 2030 posts 4984 karma points c-trib
    Mar 02, 2011 @ 16:31
    Tom Fulton
    0

    Sharing login state across multiple host names in same instance

    Hi,

    On a new multilingual site we have different domains assigned to each language branch.

    We are using the Membership features and it's working fine on all sites, however if the user switches domains while logged in (ie domain.com to domain.dk), the authentication is lost and the user has to login again.  I'm assuming this has to do with the authentication cookie being tied to a specific domain name.

    Anyone have any ideas how we can allow the user to stay logged in when switching domains?  Either automatically or by adding some code to our language selector?

    Thanks,
    Tom

  • Tom 711 posts 948 karma points
    Jun 21, 2011 @ 08:31
    Tom
    0

    Hi Tom,

    just wondering if you ever found a way to do this?

    Cheers,

    Tom

  • Tom Fulton 2030 posts 4984 karma points c-trib
    Jun 21, 2011 @ 13:30
    Tom Fulton
    0

    Hi Tom - unfortunately I never found a solution.  I'm sure it's possible but I don't have much experience with authentication.  If I ever revisit this I'll make sure to update the thread

  • Ravi Motha 278 posts 487 karma points MVP 3x c-trib
    Jun 21, 2011 @ 14:48
    Ravi Motha
    0

    I think the way to do it would be to extend the authentication, If it's under the same domain it's easier, but I think you would have to override the cookie generation and authentication to ercoginse cookies from multiple domains..

  • Sjors Pals 616 posts 269 karma points
    Jun 22, 2011 @ 12:08
    Sjors Pals
    0

    This is quite difficult, but it's possible, but takes some custom scripting to create a solution for this.

    Case:

    -www.site1.com
    -www.site2.com
    -www.site3.com

    -User is logged on on site 1
    -User Tries to enter site2
    -This fails, because he doesn't have a cookie for this
    -Redirect to: http://www.site1.com/?authorisationfor=site2.com
    -Now on site1, you have to check or this user has access to site2
    -If yes, redirect to: http://www.site2.com/?authorisationhash=blahblahbla
    -Validate the authorisationhash (you should really think good about a secure way to hash this!!!)
    -If the validation is ok, you can set the Cookie for the user

    I have seen this working for other sites. 

Please Sign in or register to post replies

Write your reply to:

Draft