All I want to is that when a person is already have authenticated with my site, I would like to pass this info to third party website. The other website should verify this by using JavaScrip开发者_开发知识库t and allow access. What are the method of doing such thing? Is it by passing a session cookies?
You cannot pass cookies cross domain. One way to achieve SSO cross domain is to have SiteA and SiteB share common secret allowing to encrypt/decrypt values. AES is a good algorithm for this. So if a user is authenticated on SiteA then you could provide a link to SiteB by passing an encrypted token containing the username in the request. And because SiteB shares the same key as SiteA it will be capable of decrypting it and fetch the username. Once it has the username it can emit its aiuthentication cookie for this user on the second domain.
I am afraid that doing this purely with javascript might be very challenging as you will need to pass the secret used to encrypt the token to javascript which obviously would be catastrophic in terms of security. So IMHO you will need a server side support to achieve this.
As Darin said, you cannot share cookies across domains. What you're trying to do is what third-party cookies were designed for. Unfortunately, these have gotten such a bad reputation, that most browsers block third-party cookies by default.
You'll need some sort of back-channel (server-to-server) communication in order to share details about users such as their authorization status. Take a look at real-world implementations of this sort of thing, such as OAuth, to see how they went about solving this problem.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论