Ruby on Rails
Wednesday, November 24, 2010
On 24 Nov 2010, at 16:29, Peter De Berdt wrote:
- User enters login data, your app verifies the credentials and writes an expiring token (a few seconds should be enough) to the user table for the user logging in and then redirects to http://external.domain.com/login?token=af8117c03b3f01b20b9360f2fb5fee57
- Your external domain will be able to verify which user it's about and build the session on the external domain.

It's very important here that the token you use expires fairly quickly so sessions can't be hijacked.
Or you can even delete the token when your external domain verifies the user token.
This is all assuming all domains use the same app and thus database of course.
Best regards
Peter De Berdt
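
The handoff described in the message above, as an added example that is not part of the original post: `LoginHandoff`, its in-memory hash (standing in for the shared user table) and the 5-second TTL are assumptions made for illustration. Storing only a SHA-256 digest of the token and allowing one pending token per user go beyond what the post describes.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the user table shared by both domains.
class LoginHandoff
  TTL = 5 # seconds (assumed value; the post says "a few seconds should be enough")

  # clock is injectable so expiry can be exercised without sleeping.
  def initialize(clock: -> { Time.now })
    @clock = clock
    @rows = {} # token digest => { user_id:, expires_at: }
    @lock = Mutex.new
  end

  # Main app: call after the credentials check, then redirect to
  # http://external.domain.com/login?token=<returned value>.
  def issue(user_id)
    token = SecureRandom.hex(16) # 128 random bits, same shape as the token in the post
    @lock.synchronize do
      # Keep at most one pending token per user; an older one stops working.
      @rows.delete_if { |_, row| row[:user_id] == user_id }
      @rows[digest(token)] = { user_id: user_id, expires_at: @clock.call + TTL }
    end
    token
  end

  # External domain: returns the user id exactly once, or nil for a
  # malformed, unknown, expired or already-used token.
  def redeem(token)
    return nil unless token.is_a?(String) && token.match?(/\A\h{32}\z/)
    # Delete on lookup, so a token captured from the URL cannot be replayed.
    row = @lock.synchronize { @rows.delete(digest(token)) }
    return nil if row.nil? || @clock.call >= row[:expires_at]
    row[:user_id]
  end

  private

  # Only the digest is stored, so a read of the table does not yield usable tokens.
  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

In a real application the delete-and-read in `redeem` would need to be a single atomic database operation, since the two domains run as separate processes.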