Sharing Authentication Across Subdomains using cookies

Posted by Jordan Reiter on Programmers
Published on 2011-11-09T17:10:37Z

I know that in general cookies themselves are not considered robust enough to store authentication information.

What I am wondering is if there is an existing design pattern or framework for sharing authentication across subdomains without having to use something more complex like OpenID.

Ideally, the process would be that the user visits abc.example.org, logs in, and continues on to xyz.example.org where they are automatically recognized (ideally, the reverse should also be possible -- a login via xyz means automatic login at abc). The snag is that abc.example.org and xyz.example.org are both on different servers and different web application frameworks, although they can both use a shared database.

The web application platforms include PHP, ColdFusion, and Python (Django), although I'm also interested in this from a more general perspective (i.e. language agnostic).
