User authentication in multiple domain application
System has central domain main.com where users log in and manage their accounts. And many sub-domains sub1.co开发者_Python百科m, sub2.com, ... with which users interact. All content of all domains is generated by one server.
Usually users will search something in main.com and then will go to subN.com Now I need somehow subN.com knows which user is signed in main.com.
I know about SSO technique, but this technique requires 2 redirects every time user visits new domain and has couple other problems with session management.
Second options I thought up is to load js file from main.com with token which will be added to all ajax requests and form posts in subN.com. But this solution is also not ideal, since I cant add user specific content (like user profile info in header) on subN.com load, but only with javacript.
Is there any good solution for user authentication in multiple domain application?
Tentative solution:
[Main Server] -> (Stores Active Key)
[User's Computer] -> (Store Mirror Key "Cookie")
Whenever user goes to a new subsite, subsite checks with main.com (shared space with subsites).
Hope this helps!
精彩评论