Cross Domain Authentication using DataBase and GUID

开发者 https://www.devze.com 2022-12-11 11:55 Source: Internet
I have 2 sites that are on different servers and domains, but I would like to pass from one to the other without having to re-authenticate.

Both sites use the same DB, so my thought was to have an Auth table where I place a GUID, the user's ID, and a timestamp. I would pass the GUID in the URL and do a lookup to see if the GUID is in the table and is less than X old; if so, authenticate the user.

Any thoughts?


Yes, as long as security is not critical in your solution. If security is critical (money is involved), some other measures should be added, like:

- encrypt the GUID or pass it over a secure connection, so it can't be stolen
- have the GUID used only once (to avoid replay attacks)
- constantly look for holes in this system, as you implement your own security.

Encryption is not easy, as you need a key, and if you choose bad keys or store them badly, the encryption is useless.

Knowing more about the architecture and clients might help tighten the security some more.

Remember that passing it as part of the URL leaves a trail all over the web with the guid. Maybe there is a better way to pass it, maybe as data.
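
The single-use, time-limited GUID lookup discussed in the question and the answer above, as an added example that is not part of the original posts. It uses Python's sqlite3 in memory as a stand-in for the shared database; the table name auth_handoff, the function names and the 60-second lifetime are assumptions.

```python
import sqlite3
import time
import uuid

TTL_SECONDS = 60  # assumed value for the "X" in the question


def open_db():
    # In-memory stand-in for the database both sites share.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_handoff ("
        " guid TEXT PRIMARY KEY,"
        " user_id INTEGER NOT NULL,"
        " issued_at REAL NOT NULL,"
        " used INTEGER NOT NULL DEFAULT 0)"
    )
    return conn


def issue_guid(conn, user_id, now=None):
    """Site A: record a fresh random GUID for an already authenticated user."""
    guid = str(uuid.uuid4())  # version 4 = random, drawn from os.urandom
    issued = time.time() if now is None else now
    with conn:
        conn.execute(
            "INSERT INTO auth_handoff (guid, user_id, issued_at) VALUES (?, ?, ?)",
            (guid, user_id, issued),
        )
    return guid


def redeem_guid(conn, guid, now=None):
    """Site B: return the user id once, or None if unknown, expired or reused."""
    current = time.time() if now is None else now
    with conn:
        # One conditional UPDATE marks the row used, so two concurrent
        # requests carrying the same GUID cannot both succeed.
        cur = conn.execute(
            "UPDATE auth_handoff SET used = 1"
            " WHERE guid = ? AND used = 0 AND issued_at >= ?",
            (guid, current - TTL_SECONDS),
        )
        if cur.rowcount != 1:
            return None
        row = conn.execute(
            "SELECT user_id FROM auth_handoff WHERE guid = ?", (guid,)
        ).fetchone()
    return row[0]
```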


The secure way to do this would be to use OpenID with Directed Identity. This way the first site can assert the identity of the user that is accessing the second site.
