The Auth object uses a session variable to track if a user has been authenticated. Given that sessions cannot be shared by multiple servers, you will have to make sure that the user is authenticated on both servers. The trick is to achieve this without forcing the user to log in twice.
The only way I can think of doing this is to pass some sort of authentication token, generated by the 1st server, when the user switches to the second one. The token must contain the user id, login time (for login timeout purposes) and the password. Of course the whole token will have to be encrypted -- especially if the password is contained in it.
Once the second server receives a request with such a token, it will have to use Auth.Authenticate() to authenticate the user on it too.
You have a couple of options on how to pass the token from one server to the other. The simplest option is to include it in the query string of all links from one server to the other. This will work fine if the user would always click on such a link to switch servers, but not in cases where the user may visit the second server from a bookmark or by manually typing a URL. To cover such use cases, you would have to use 3rd-party cookies.
FoxWeb Support Team
support@foxweb.com email |
Sent by Ali Koumaiha on 10/11/2013 06:09:43 AM:
I have 2 clients that are on foxweb, which I built the portal for them. The 2 clients are really 1 business, 2 different locations/sub-companies.
Basically 2 different locations and 2 different servers (in different cities)
Domain 1:
user logs in to domain 1, all is great, all the access, data, functionality
Same username exists on the domain 2 (in the authtable)
Owen of the company want the user to be able to click on a link which will redirect to a script on Domain 2. That's not a big deal.
but, I do not want to re-authenticate (ask for username/password) on domain 2.
what are some thoughts on this?