>Does anyone know of a way to authenticate a person on one site and have >that authentication carried through to multiple sites? > >Basically I'd like to have someone login on www.domain1.com and then have >their login be valid on www.domain2.com and www.domain3.com ... the >domain name is different so I don't see how I could use a common cookie. > >The 3 sites in question are hosted on a common server with a common user >database if that helps but still the domain names that people access the >sites with are unique.
Microsoft performed some crafty redirects to address this issue with passport. I seem to recall them getting a ton of heat for it two or so years ago. Not sure if they still do it. I believe the procedure involved integrating the session data between passport.com and (e.g.) expedia.com, such that a request to the latter would return a redirect to the former, and that in turn would generate a subsequent redirect back to the latter, this time with the Passport ID in the URL. In this way, microsoft was able to synchronize your ID between affiliated sites in a reasonably transparent way. It was pretty elegant, but still struck me as creepy and manipulative. Go figure. --------------------------------------------------------------------- michal migurski- contact info and pgp key: sf/ca http://mike.teczno.com/contact.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
