Ticket #41 (closed task: fixed)

Opened 13 years ago

Last modified 13 years ago

[S] Cross Domain Cookies

Reported by: lawrence Owned by: pjkersha
Priority: blocker Milestone: PreAlpha
Component: security Version:
Keywords: SecSession WGSecurity Cc: astephen, spascoe

Description (last modified by lawrence) (diff)

NDG needs to work across the domains of different data providers. However cookies are only visible in the domains they are set ( see Stephen's Notes on the issue).

See also various other blog entries:

Change History

comment:1 Changed 13 years ago by lawrence

  • Description modified (diff)

comment:2 Changed 13 years ago by lawrence

  • Cc astephen, spascoe added
  • Summary changed from Cross Domain Cookies to [S] Cross Domain Cookies

This requires all data providers to implement a service which other services can redirect to, which then does a login, or checks for cookies to see if the user is already logged in, and then posts the ndg security cookie information back to the redirectee.

This means all services which want to talk to the login service should expect a possible post back with form contents which are the NDG cookie.

comment:3 Changed 13 years ago by lawrence

  • Milestone changed from ALPHA to PreAlpha

comment:4 Changed 13 years ago by pjkersha

  • Status changed from new to assigned

comment:5 Changed 13 years ago by lawrence

  • Status changed from assigned to closed
  • Resolution set to fixed

As far as I'm concerned, this is done, we might want to do this with Openid or something in the future, but we can do that as a new ticket.

Note: See TracTickets for help on using tickets.