HTTP session between multiple sites
Is there a way to somehow modify the HTTP request (add a cookie, HTTP request parameter, or anything else) so that it would be possible to keep the HTTP session when the user moves to a completely different site, located on a different domain?
If you have different domains, you can maybe work with subdomains, as foo.bar.com and toto.bar.com can share cookies if the cookie domain is .bar.com.
If you cannot work with subdomains, you can try to get a working domain or subdomain configuration by using a proxy on the first domain. Having a proxy on toto.bar.com proxying toto.com can help you to share .bar.com session cookies. If you do that, be careful not to build an open proxy. It also means your first server will get 100% of the traffic.
Then, if none of the previous is suitable, you'll need an SSO solution, with a third party sharing the authentication data. But an SSO is there only for sharing the identification part, not the session data.
Before the SSO solution there is the simple solution of having the same identification/authentication backend (say an openLDAP). But this will only allow you to have a unified password, not to share a connected/disconnected status (this is the SSO job).
If you can handle the session data sharing on the server side, you'll have to handle synchronisation of 2 different sessions on the 2 sites, associated with the same people. This association with a unique identifier is what the SSO gives you. This is a complex thing.
Now the really important question is: what are the things you want to share between the 2 sites? If it is a user preference like a color theme or such, you could maybe think about a CORS or JSONP call giving you some user settings in the JS environment of your application. You could even make some AJAX queries to save these settings in each application. This is a way to share common data between 2 applications, but do not use it for secured data.
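An added example, not part of the original answer: a simplified JavaScript model of the cookie domain-matching rule from RFC 6265, showing why a `.bar.com` cookie is shared by foo.bar.com and toto.bar.com but never reaches toto.com. The function names and the two-entry `PUBLIC_SUFFIXES` set are assumptions made for illustration; browsers consult the full Public Suffix List.

```javascript
// Constructed stand-in for the Public Suffix List that browsers consult.
const PUBLIC_SUFFIXES = new Set(['com', 'co.uk']);

// Lowercase the Domain attribute and drop one leading dot (RFC 6265, 5.2.3).
function canonicalDomain(attr) {
  const d = attr.trim().toLowerCase();
  return d.startsWith('.') ? d.slice(1) : d;
}

// IP literals never suffix-match a cookie domain.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// RFC 6265, 5.1.3: identical, or host ends with "." + domain and is not an IP.
function domainMatches(host, domainAttr) {
  const h = host.toLowerCase();
  const d = canonicalDomain(domainAttr);
  if (d === '') return false;
  if (h === d) return true;
  return !isIpLiteral(h) && h.endsWith('.' + d);
}

// A response from originHost may only set a cookie for its own host or a
// parent domain, and never for a public suffix such as "com".
function canSetCookie(originHost, domainAttr) {
  if (PUBLIC_SUFFIXES.has(canonicalDomain(domainAttr))) return false;
  return domainMatches(originHost, domainAttr);
}

// The stored cookie is attached only to requests whose host domain-matches.
function isSentTo(requestHost, domainAttr) {
  return domainMatches(requestHost, domainAttr);
}

// Host names taken from the answer; evilbar.com is a constructed lookalike.
function scenario() {
  const domain = '.bar.com';
  return {
    setByFoo: canSetCookie('foo.bar.com', domain),      // true
    sentToToto: isSentTo('toto.bar.com', domain),       // true
    sentToOtherSite: isSentTo('toto.com', domain),      // false
    sentToLookalike: isSentTo('evilbar.com', domain),   // false
    otherSiteSetsBar: canSetCookie('toto.com', domain), // false
    otherSiteSetsCom: canSetCookie('toto.com', '.com'), // false
  };
}

console.log(scenario());
```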
You would have to transfer the session data here between two different servers in order for it to do any good; this is not possible unless you have access to both domains/servers and create something serverside to implement this. Even then, it would only apply to the specific servers you have control over.
There's no way to grab session data from a server you don't have control over.