• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Passing Http headers to a different domain.

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,
Thank you for such a wonderful forum. Here is my question

Want to pass info from site1c.com to site2.com :
------------------------------------------------
(user) --> site1.com (for authentication) --> site2.com (for content browsing)

I have a website called site1.com,
which authenticates the user package the user info (userid, email) and encrypt into a variable.
Now I need to pass this (encrypted string) information to another site site2.com (completely different domain, a third party site). site2.com know how to decrypt and validate the token information.

Trying to pass though HTTP Header, but Failed:
-----------------------------------------------
I have been thinking of passing this variable (Token) through HTTP Headers (as a HTTP header variable). But, I wasn't able to do this. I used this code:
response.addHeader("MS-TOKEN", "testing token value");
response.sendRedirect("site2.com/index.jsp");

I can see the header variables getting to browser, but they are missing into "site2.com" request from the browser. (I used Charles to see the request/response info.)

Any other Ideas, please:
-------------------------
My sites (source, target) being in two different domains, I think we're having few options.
Can you pls. suggest other alternatives? which one of the following is better one?
Browser Redirect with GET parameters -- users can see the parameters, but its encrypted anyway.
Browser redirect with POST parameters -- using java script to auto submit the form information to site2.com. if JS is disabled, it may fail to auto submit.
Cookie -- since these two are different domains, cookie may not be passed between the domains (i.e., setting cooke from site1.com and passing it to site2.com).

Thanks
Surendra.
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Browser Redirect with GET parameters -- users can see the parameters, but its encrypted anyway.



Thats the most reliable way as far as I know. You will need to program some additional mechanism to ensure that the URL can not be used again.

Bill
 
Surendra Babu
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you Bill.

Yes, we're making sure that token gets invalidated after a specific time. We're including the time stamp into the token. When data is decrypted, If the time stamp is more than acceptable threshold, token gets invalidate user is sent back for login.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"asb tech", please check your private messages for an important administrative matter.
 
Ranch Hand
Posts: 228
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Friend,

Sending data as query parameters to the application is fine.
Only thing is your encryption logic should be known to that application to decrypt it.
 
reply
    Bookmark Topic Watch Topic
  • New Topic