I have a server called 'XYZ' and many clients of different domains are called A, B and C. Authentication is done on the server. - When the user first comes to any site, we will ask him to create an account for the site. We will send the email and password and we will send the data to the server and store the thr. Now he has an account in 'XYZ' so that he can enter any site from A, B and C.
Next: For example, he came into the Site B, to log in, he enters the email and password, we will take this server to the server to verify if the password matches , We send 'yes' back to the customer so that he is successfully logged in and goes to the inside pages.
Because the email and status 'yes sending' is not safe to back up. We are using socket programming so that outside people will not know which data we are sending and returning back because we are using socket, because we are not able to make any sessions or cookies, because We are not opening server sites in the browser.
I want to: Like: When the user is successfully logged into Site B, then the next tab goes to that site C. He should not be asked to login (login page should not be shown) It automatically logs in (goes to internal pages)
What you search for Are called him (short SSO) and it is a difficult problem to solve correctly.
One major obstacle in the way of your goal is how we usually track the login of the Web: Cookies Specifically, a domain can only set cookies which are related to it. This means that if your three web sites are on three different domains, then you can not set a site to cook cookies for others.
A common way around this is to actually authenticate the service name on another domain. Whenever you need to check that a user is logged in, you direct them to that authentication service. A popular integrated sign-on mechanism uses this technique. OpenID uses stack overflow.
(If you use different stackexchange sites, you can see that sometimes you may be automatically logged in after loading the page. I still do not know this How it works, and has not yet checked.)
As you have described, you will be well served by central authentication. You can also find that the system based on OpenID By implementing Good things can work for your sites too ... though if you do this, I encourage you to hide the complexity of the entire URI - as is the identity, the concept of normal end users is unlikely To understand.
Comments
Post a Comment