Cookie based SSO

How can I implement cookie-based single sign-on without an SSO server? I would like to share the logged-in user across multiple applications using only a cookie in the browser.

In my mind it works like this:

  • the user logs in to an application
  • the application verifies the credentials and then sets a cookie in the browser storing the username (which could be encoded with a private key)
  • if the user opens another application, it looks for the cookie and reads the username from the value (using the key to decode the string)

In this solution a user could see the browser cookie (of another user) and take the encoded string of the username. Then he could add it to his own cookie (not good!).

Is there some secure way to do this? With a timestamp-based control or something like that?

Thanks in advance.

Bye

P.S. I know my English isn't very good.. sorry for this!

frengo asked Nov 23 '09 16:11

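The signed-cookie scheme the question sketches, written out as an added example in Python; this is not code from the original post. It assumes every participating application holds the same secret key and can receive the same cookie (for instance because they are hosts under one parent domain and the cookie is set with a Domain attribute); the key, cookie name and domain used here are placeholders. Instead of "encoding" the username, the cookie carries the username plus issue and expiry timestamps and a keyed HMAC over that payload, so a value built without the key, a tampered value, or an expired value is rejected. What the timestamp does not do is stop someone who copies a still-valid cookie into their own browser; it only bounds how long that copy keeps working.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Assumed shared secret: every participating application must hold the same key.
# Placeholder value; in a real deployment load a random 32-byte key from config.
SECRET_KEY = b"placeholder-shared-secret-change-me"
COOKIE_NAME = "sso"            # assumed cookie name
COOKIE_DOMAIN = "example.com"  # assumed common parent domain of all applications


def _b64e(raw):
    """URL-safe base64 without padding, so the value is safe inside a cookie."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_sso_cookie(username, key=SECRET_KEY, ttl=3600, now=None):
    """Build the cookie value after a successful login.

    Layout: base64(payload) "." base64(HMAC-SHA256(key, payload)).
    The payload carries the username plus issue and expiry timestamps,
    so the value is both unforgeable and time-limited.
    """
    issued = int(now if now is not None else time.time())
    payload = json.dumps(
        {"sub": username, "iat": issued, "exp": issued + ttl},
        separators=(",", ":"), sort_keys=True,
    ).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(tag)


def verify_sso_cookie(value, key=SECRET_KEY, now=None):
    """Return the username if the cookie is authentic and unexpired, else None.

    Any other application holding the same key calls this on the cookie it
    receives; a value built without the key, a tampered payload, or an
    expired value all fail here.
    """
    try:
        payload_b64, tag_b64 = value.split(".", 1)
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; check the MAC before trusting any of the payload.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        claims = json.loads(payload.decode("utf-8"))
    except ValueError:
        return None
    current = now if now is not None else time.time()
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or current >= exp:
        return None
    return claims.get("sub")


def set_cookie_header(value, domain=COOKIE_DOMAIN):
    """Set-Cookie header that makes the cookie visible to every host under the
    shared parent domain, sends it over HTTPS only, and hides it from page
    scripts."""
    return (f"Set-Cookie: {COOKIE_NAME}={value}; Domain={domain}; Path=/; "
            f"Secure; HttpOnly; SameSite=Lax")


def forge_without_key(username):
    """What the question's attacker can do without the key: encode a chosen
    username and glue on a made-up tag. verify_sso_cookie rejects it."""
    payload = json.dumps({"sub": username, "iat": 0, "exp": 2 ** 31},
                         separators=(",", ":"), sort_keys=True).encode("utf-8")
    return _b64e(payload) + "." + _b64e(b"\x00" * 32)


if __name__ == "__main__":
    cookie = issue_sso_cookie("alice", ttl=60, now=1000)
    print(set_cookie_header(cookie))
    print("valid   ->", verify_sso_cookie(cookie, now=1030))
    print("expired ->", verify_sso_cookie(cookie, now=1060))
    print("forged  ->", verify_sso_cookie(forge_without_key("admin"), now=1030))
    # Copying a still-valid cookie into another browser does succeed: the
    # timestamp only limits how long the stolen value stays usable.
    print("copied  ->", verify_sso_cookie(cookie, now=1059))
```

Keep the TTL short and pair it with the Secure and HttpOnly attributes so the value is neither sent in clear nor readable from injected script; if a copied cookie must be revocable before it expires, the applications also need some shared state (a session id looked up against a store), which is exactly the piece this cookie-only design leaves out.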




1 Answer

This is impossible. Cookies are unique to each domain, and one domain cannot read another domain's cookies.

Stefan Kendall answered Oct 24 '22 19:10
