Sharing login state across multiple host names in same instance
Hi,
On a new multilingual site we have different domains assigned to each language branch.
We are using the Membership features and it's working fine on all sites, however if the user switches domains while logged in (ie domain.com to domain.dk), the authentication is lost and the user has to login again. I'm assuming this has to do with the authentication cookie being tied to a specific domain name.
Anyone have any ideas how we can allow the user to stay logged in when switching domains? Either automatically or by adding some code to our language selector?
Hi Tom - unfortunately I never found a solution. I'm sure it's possible but I don't have much experience with authentication. If I ever revisit this I'll make sure to update the thread
I think the way to do it would be to extend the authentication, If it's under the same domain it's easier, but I think you would have to override the cookie generation and authentication to ercoginse cookies from multiple domains..
This is quite difficult, but it's possible, but takes some custom scripting to create a solution for this.
Case:
-www.site1.com -www.site2.com -www.site3.com
-User is logged on on site 1 -User Tries to enter site2 -This fails, because he doesn't have a cookie for this -Redirect to: http://www.site1.com/?authorisationfor=site2.com -Now on site1, you have to check or this user has access to site2 -If yes, redirect to: http://www.site2.com/?authorisationhash=blahblahbla -Validate the authorisationhash (you should really think good about a secure way to hash this!!!) -If the validation is ok, you can set the Cookie for the user
Sharing login state across multiple host names in same instance
Hi,
On a new multilingual site we have different domains assigned to each language branch.
We are using the Membership features and it's working fine on all sites, however if the user switches domains while logged in (ie domain.com to domain.dk), the authentication is lost and the user has to login again. I'm assuming this has to do with the authentication cookie being tied to a specific domain name.
Anyone have any ideas how we can allow the user to stay logged in when switching domains? Either automatically or by adding some code to our language selector?
Thanks,
Tom
Hi Tom,
just wondering if you ever found a way to do this?
Cheers,
Tom
Hi Tom - unfortunately I never found a solution. I'm sure it's possible but I don't have much experience with authentication. If I ever revisit this I'll make sure to update the thread
I think the way to do it would be to extend the authentication, If it's under the same domain it's easier, but I think you would have to override the cookie generation and authentication to ercoginse cookies from multiple domains..
This is quite difficult, but it's possible, but takes some custom scripting to create a solution for this.
Case:
-www.site1.com
-www.site2.com
-www.site3.com
-User is logged on on site 1
-User Tries to enter site2
-This fails, because he doesn't have a cookie for this
-Redirect to: http://www.site1.com/?authorisationfor=site2.com
-Now on site1, you have to check or this user has access to site2
-If yes, redirect to: http://www.site2.com/?authorisationhash=blahblahbla
-Validate the authorisationhash (you should really think good about a secure way to hash this!!!)
-If the validation is ok, you can set the Cookie for the user
I have seen this working for other sites.
@Tom Fulton Have you got any solution?
is working on a reply...