Two domains, one fourm
4 views
Skip to first unread message
funvill
Sep 18, 2008, 5:29:11 PM9/18/08
to Webmasters Helping Webmasters
Hello
I have these two websites
http://www.EveryDayFiction.com and http://www.everydaypoets.com
Both accept user submitted content and publish a new story each day.
I have installed Simple Machine Forum (SMF) on my main site
http://www.EveryDayFiction.com and I use the forums system as the
login system for the website. (the authors have to login before they
are allowed to submit a story)
Last month we expanded with http://www.EveryDayPoets.com
I wanted to use the same login system as everydayfiction.com so if
someone login on everydayfiction they are also logged in on
everydaypoets.com
but because they are cross domain the login cookie don't work.
I looking for a way to login on one domain and remain logged in on
anther sister domain.
Any suggestions?
PS: I am a programmer and I have lots of experience with PHP, ect...
Feel free to talk technically
I have these two websites
http://www.EveryDayFiction.com and http://www.everydaypoets.com
Both accept user submitted content and publish a new story each day.
I have installed Simple Machine Forum (SMF) on my main site
http://www.EveryDayFiction.com and I use the forums system as the
login system for the website. (the authors have to login before they
are allowed to submit a story)
Last month we expanded with http://www.EveryDayPoets.com
I wanted to use the same login system as everydayfiction.com so if
someone login on everydayfiction they are also logged in on
everydaypoets.com
but because they are cross domain the login cookie don't work.
I looking for a way to login on one domain and remain logged in on
anther sister domain.
Any suggestions?
PS: I am a programmer and I have lots of experience with PHP, ect...
Feel free to talk technically
Vision Jinx
Sep 18, 2008, 8:09:13 PM9/18/08
to Webmasters Helping Webmasters
Hi,
It's a bit complex as it goes against "security best practices" but if
you look at (for example) when you log into your Google account at
google.com then click the gmail link located at gmail.com it will
proxy through the account sign in at google.com and log you in that
way. Now they are not going to explain how they are doing this, but it
may provide some insight on how it could be done. I am guessing it
probably entails dynamically writing script tags with authentication
and request tokens in there and using that as part of the post
authentication over using a cookie or session, or in combination with.
(JSONP XSS things) I am sure if you search their RESTful APIs and
developer center and videos etc, they do explain some of these
concepts in web services.
Another alternative (possibly) from building your own backend system
for it may be to try the oAuth or Open ID as a single sign in API and
set your sites up to use that instead. I believe both those have some
sort of mechanism for what your looking to do.
http://oauth.net/
http://openid.net/
Hope that helps,
Cheers!
Vision Jinx
> I have these two websiteshttp://www.EveryDayFiction.comandhttp://www.everydaypoets.com
It's a bit complex as it goes against "security best practices" but if
you look at (for example) when you log into your Google account at
google.com then click the gmail link located at gmail.com it will
proxy through the account sign in at google.com and log you in that
way. Now they are not going to explain how they are doing this, but it
may provide some insight on how it could be done. I am guessing it
probably entails dynamically writing script tags with authentication
and request tokens in there and using that as part of the post
authentication over using a cookie or session, or in combination with.
(JSONP XSS things) I am sure if you search their RESTful APIs and
developer center and videos etc, they do explain some of these
concepts in web services.
Another alternative (possibly) from building your own backend system
for it may be to try the oAuth or Open ID as a single sign in API and
set your sites up to use that instead. I believe both those have some
sort of mechanism for what your looking to do.
http://oauth.net/
http://openid.net/
Hope that helps,
Cheers!
Vision Jinx
> I have these two websiteshttp://www.EveryDayFiction.comandhttp://www.everydaypoets.com
> Both accept user submitted content and publish a new story each day.
>
> I have installed Simple Machine Forum (SMF) on my main sitehttp://www.EveryDayFiction.comand I use the forums system as the
>
> login system for the website. (the authors have to login before they
> are allowed to submit a story)
>
> Last month we expanded withhttp://www.EveryDayPoets.com
> are allowed to submit a story)
>
funvill
Sep 19, 2008, 5:38:26 PM9/19/08
to Webmasters Helping Webmasters
I like the OpenID solution.
As we add more sites it would be nice to be able to logging with the
same account across all out sites.
Thanks. I will look in to it and report back.
On Sep 18, 5:09 pm, Vision Jinx <vjn...@gmail.com> wrote:
> Hi,
>
> It's a bit complex as it goes against "security best practices" but if
> you look at (for example) when you log into your Google account at
> google.com then click the gmail link located at gmail.com it will
> proxy through the account sign in at google.com and log you in that
> way. Now they are not going to explain how they are doing this, but it
> may provide some insight on how it could be done. I am guessing it
> probably entails dynamically writing script tags with authentication
> and request tokens in there and using that as part of the post
> authentication over using a cookie or session, or in combination with.
> (JSONP XSS things) I am sure if you search their RESTful APIs and
> developer center and videos etc, they do explain some of these
> concepts in web services.
>
> Another alternative (possibly) from building your own backend system
> for it may be to try the oAuth or Open ID as a single sign in API and
> set your sites up to use that instead. I believe both those have some
> sort of mechanism for what your looking to do.
>
> http://oauth.net/http://openid.net/
As we add more sites it would be nice to be able to logging with the
same account across all out sites.
Thanks. I will look in to it and report back.
On Sep 18, 5:09 pm, Vision Jinx <vjn...@gmail.com> wrote:
> Hi,
>
> It's a bit complex as it goes against "security best practices" but if
> you look at (for example) when you log into your Google account at
> google.com then click the gmail link located at gmail.com it will
> proxy through the account sign in at google.com and log you in that
> way. Now they are not going to explain how they are doing this, but it
> may provide some insight on how it could be done. I am guessing it
> probably entails dynamically writing script tags with authentication
> and request tokens in there and using that as part of the post
> authentication over using a cookie or session, or in combination with.
> (JSONP XSS things) I am sure if you search their RESTful APIs and
> developer center and videos etc, they do explain some of these
> concepts in web services.
>
> Another alternative (possibly) from building your own backend system
> for it may be to try the oAuth or Open ID as a single sign in API and
> set your sites up to use that instead. I believe both those have some
> sort of mechanism for what your looking to do.
>
>
> Hope that helps,
>
> Cheers!
> Vision Jinx
>
> On Sep 18, 3:29 pm, funvill <Funv...@gmail.com> wrote:
>
> > Hello
>
> > I have these two websiteshttp://www.EveryDayFiction.comandhttp://www.everydaypoets.com
> > Both accept user submitted content and publish a new story each day.
>
> > I have installed Simple Machine Forum (SMF) on my main sitehttp://www.EveryDayFiction.comandI use the forums system as the
> Hope that helps,
>
> Cheers!
> Vision Jinx
>
> On Sep 18, 3:29 pm, funvill <Funv...@gmail.com> wrote:
>
> > Hello
>
> > I have these two websiteshttp://www.EveryDayFiction.comandhttp://www.everydaypoets.com
> > Both accept user submitted content and publish a new story each day.
>
Reply all
Reply to author
Forward
0 new messages