If I set user details in a session, and my applicaion is such that it serves custom look and feel sites depending on site URL, which actually is virtual hosting. Though all functionality is carried out by the same webapp, two sites say abc.com & xyz.com will have significantly different look depending on CSS, few custome pages & images designed for them.
So how does my authentication/sessions work in this case? All this is being served by same webapp on the same physical server. Assume there are 4 sites -
Now I want user logged on abc.com to use abc.net without requiring to sign-in again, but same user should not be able to do it for xyz.com or xyz.org. There he needs to register/login differently.
That way sites are grouped in a different way. How can I achieve this? Can somebody help me visualize things a bit more clearly here w.r.t. virtual hosing....I am sort of lost.
products like tivoli access manager and siteminder will let you do this quite easily; however, they are enterprise level products that will cost you arms, legs, and both kidneys.
you should be able to do what you want with cookies, setting explicit domains and/or path. each site will perform cookies checking and do authentication as necessary against a shared users repository. you'll need to do this carefully and test against any possible security holes.
-/a<br />certified slacker...yes, my last name is 'do' - <a href="http://www.luckycouple.com" target="_blank" rel="nofollow">luckycouple.com</a>