How Bakery works
Bakery allows for single sign-on between sites sharing the same top-level domain by taking advantage of the fact that a browser sends a cookie to every site within the cookie's domain.
This document will walk you through how Bakery provides SSO. You should refer to the Bakery FAQ and the explanation of Bakery's cookies if you need clarification.
Bakery augments Drupal's standard process for authentication of sessions and cookies by sending along a second cookie.
Authentication on master
When a user authenticates to the master Bakery site, Drupal stores the account's session data in the database and issues a browser cookie containing an identifier for that user (diagram 1). Along with that normal process, Bakery issues a cookie to be used for SSO. This cookie is known internally as the CHOCOLATECHIP cookie.

SSO to slave
Because the SSO cookie was set with a leading period on the domain, any other subdomain of that domain can access it. So, when the user requests any page on a slave site, the user's browser will send along the CHOCOLATECHIP cookie.

The CHOCOLATECHIP cookie is validated on the slave site and, if it's correct, the user is logged in and issued a standard Drupal authentication cookie (diagram 2).
If the user does not yet have an account on the slave site, one will be created for him or her.
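The flow described above, as an added PHP sketch that is not Bakery's own code: the page does not say how the slave validates CHOCOLATECHIP, so this assumes an HMAC-SHA256 signature over the payload with a key shared by master and slaves, plus a timestamp check. The function names, key, lifetime and hostnames are constructed for illustration; PHP 8 is required for str_ends_with().

```php
<?php
// Added example, not Bakery's code: cookie format, key and hostnames are constructed.
const SHARED_KEY = 'constructed-demo-key';  // assumption: same secret on master and slaves
const MAX_AGE = 3600;                       // assumption: cookie lifetime in seconds

// Master: build the cookie value as "payload.signature".
function issue_sso_cookie(string $name, string $mail, int $now): string {
    $payload = base64_encode(json_encode(['name' => $name, 'mail' => $mail, 'ts' => $now]));
    return $payload . '.' . hash_hmac('sha256', $payload, SHARED_KEY);
}

// Slave: return the account data only if signature and age both check out.
function validate_sso_cookie(string $cookie, int $now): ?array {
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    // Verify the signature in constant time before decoding anything.
    if (!hash_equals(hash_hmac('sha256', $payload, SHARED_KEY), $sig)) {
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['name'], $data['ts']) || !is_int($data['ts'])) {
        return null;
    }
    // Reject stale or future-dated values so an old cookie cannot be reused indefinitely.
    if ($data['ts'] > $now || $now - $data['ts'] > MAX_AGE) {
        return null;
    }
    return $data;
}

// RFC 6265 domain-match: hosts that receive a cookie set with Domain=.example.com.
function browser_sends_cookie(string $host, string $cookieDomain): bool {
    $domain = strtolower(ltrim($cookieDomain, '.'));
    $host = strtolower($host);
    return $host === $domain || str_ends_with($host, '.' . $domain);
}

$now = time();
$cookie = issue_sso_cookie('alice', 'alice@example.com', $now);
$altered = base64_encode('{"name":"admin","ts":' . $now . '}') . '.' . explode('.', $cookie)[1];
var_dump(browser_sends_cookie('shop.example.com', '.example.com'));  // slave, same domain
var_dump(browser_sends_cookie('shop.example.org', '.example.com'));  // unrelated domain
var_dump(validate_sso_cookie($cookie, $now) !== null);               // untouched cookie
var_dump(validate_sso_cookie($altered, $now) !== null);              // payload changed, old signature
var_dump(validate_sso_cookie($cookie, $now + MAX_AGE + 1) !== null); // past its lifetime
```

Because every host under the cookie's domain receives the value, the signature and age checks on the slave are what keep a copied or edited cookie from being accepted.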
Next, be sure to read what it means to use Bakery for your SSO solution.
Legend for diagrams:
