Sharing Authentication Across Subdomains using cookies
Posted by Jordan Reiter on Programmers
Published on 2011-11-09T17:10:37Z
Indexed on 2011/11/30 2:05 UTC
authentication
I know that in general cookies themselves are not considered robust enough to store authentication information.
What I am wondering is if there is an existing design pattern or framework for sharing authentication across subdomains without having to use something more complex like OpenID.
Ideally, the process would be that the user visits abc.example.org, logs in, and continues on to xyz.example.org where they are automatically recognized (ideally, the reverse should also be possible -- a login via xyz means automatic login at abc). The snag is that abc.example.org and xyz.example.org are both on different servers and different web application frameworks, although they can both use a shared database.
The web application platforms include PHP, ColdFusion, and Python (Django), although I'm also interested in this from a more general perspective (i.e. language agnostic).
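The flow described in the question, sketched as an added example that is not part of the original post: an opaque random session token travels in a cookie scoped to the parent domain, and each application resolves it against the shared database. The cookie name, the table layout and the in-memory SQLite database standing in for the shared database are assumptions.

```python
import hashlib
import secrets
import sqlite3
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "sso_session"    # assumed cookie name
PARENT_DOMAIN = "example.org"  # sent to abc.example.org and xyz.example.org
TTL_SECONDS = 3600

def open_shared_db():
    # In-memory SQLite stands in for the database both applications can reach.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id TEXT, expires REAL)")
    return db

def _hash(token):
    # Only a hash is stored, so a database leak does not expose usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def _token_from(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None

def login(db, user_id, now=None):
    """Run by whichever app checked the credentials; returns a Set-Cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # random and opaque: carries no user data
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (_hash(token), user_id, now + TTL_SECONDS))
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    jar[COOKIE_NAME].update({"domain": PARENT_DOMAIN, "path": "/", "max-age": TTL_SECONDS,
                             "secure": True, "httponly": True, "samesite": "Lax"})
    return jar[COOKIE_NAME].OutputString()

def current_user(db, cookie_header, now=None):
    """Run by every subdomain app per request; returns the user_id or None."""
    now = time.time() if now is None else now
    token = _token_from(cookie_header)
    if token is None:
        return None
    row = db.execute("SELECT user_id, expires FROM sessions WHERE token_hash = ?", (_hash(token),)).fetchone()
    return row[0] if row and row[1] > now else None

def logout(db, cookie_header):
    """Deleting the row logs the user out of every subdomain at once."""
    token = _token_from(cookie_header)
    if token is not None:
        db.execute("DELETE FROM sessions WHERE token_hash = ?", (_hash(token),))
```

The PHP, ColdFusion and Django applications would each implement the same lookup against the shared table. Because the cookie is sent to every host under example.org, this assumes all subdomains of that domain are equally trusted.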