By scothiam on
Hi, I'm wondering if it is possible to create accounts on my drupal site using cookies from non-drupal sites?
1 user logins into site A
2 user clicks a link to site D (drupal site)
3 site D checks the cookie form site A and the user is 'logged in'
what is missing here and is this even possible? Could I pass some info via the link and some via the cookie?
cheers,
Comments
It's my understanding that
It's my understanding that you can only read cookies from your own domain. So unless you setup some type o cross site domain that both sites used (example being double click) you couldn't use cookies to transfer info. Otherwise lots of sites could just hijack any other major sites ID info when someone came to visit.
-------------------
http://www.PrivacyDigest.com/ News from the Privacy Front (Drupal)
http://www.SunflowerChildren.org/ Helping children around the world ( Drupal)
Single signon or Open Id
There are some modules for single signon and OpenId that show how sites can connect. Single signon is normally used with several sites running off the same database while Openid is aimed at separate sites interconnecting. When you have www.example.com and forums.example.com using the same database, they can share one cookie as example.com and single signon works.
examplea.com and exampleb.com cannot share a cookie because it would let the scum of the earth, marketing people, kidnap your session. The sites can allow login at exampleb.com using the login from examplea.com by using open id. I can login to the Drupal groups site using my drupal login, peterx, in the form peterx@drupal.org.
The open id sites can be built with any old rubbish including Perl code from 1994 so long as the sites follow the open id standard. Your site can choose who will be accepted based on the site name in the login.
If you add SSL and some other tricks, your link on the other site could pass the user information for a remote login. It would not be a normal link and complicated to implement. You may be better off replacing the link with a Web service to return information to the other site.
Open Id is the best approach if you do not control the other site. When you control both sites, you can try some of the tricks where the link on the other site does something with Javascript, special encrypted tokens, and voodoo.
petermoulding.com/web_architect
petermoulding.com/web_architect