They need to share sessions/cookies.
And that leaves one question unanswered:
How to do it?
The method requires that you redirect the user to the second domain, set the cookie from there, then redirect back to the original domain. Even if the code runs on the same server you HAVE TO redirect the user to the 2nd domain.
The reason is browser security won't let you set a cookie for domainB when you are on domainA.
Step 1 - authenticate user on DOMAINA and set cookie
Step 2 - redirect user to method on DOMAINB (this method can check the auth a 2nd time or pass a token that you look up and expire, many ways of performing the 2nd auth. You can literally check it against the same DB again if you want... but redirect them to something like DOMAINB.com/sso?token=_oitrue54kljfdg&came_from=DOMAINA.login or whatever) - make sure you set the cookie.
Step 3 - Repeat for each domain
Step 4 - Redirect the user back to DOMAINA or wherever is appropriate in your app and provide a message about success or failure
The user now has a cookie set for each domain. I know it seems like a lot to cycle through all the domains, but it will give you the chance to give special permissions as roles per domain if that is ever needed. E.g., a user logs into DOMAINA and is an author, but is an admin for DOMAINS B & C and is just a user in DOMAIND, and maybe has no credentials in DOMAINE. This may not be needed now, but it could be in the future, and this method gives you the ability to make an exception per user for each domain.
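The "token that you look up and expire" option from Step 2, sketched as an added example that is not part of the original post. It assumes a shared store both domains can reach (an in-memory dict here), and the hostnames `domaina.example` / `domainb.example`, the 30-second lifetime and the function names are all constructed for illustration. It also allow-lists `came_from` so the redirect back cannot be pointed at an arbitrary site.

```python
import secrets
import time
from urllib.parse import urlencode, urlsplit

TOKEN_TTL = 30                               # seconds a handoff token stays valid (assumed)
ALLOWED_RETURN_HOSTS = {"domaina.example"}   # constructed placeholder for DOMAINA
TOKENS = {}     # token -> (user_id, expires_at); stands in for the shared DB table
SESSIONS = {}   # DOMAINB session id -> user_id


def issue_handoff_url(user_id, came_from, now=None):
    """DOMAINA, after Step 1: mint a one-time token and build the Step 2 redirect."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)        # unguessable, carries no user data itself
    TOKENS[token] = (user_id, now + TOKEN_TTL)
    query = urlencode({"token": token, "came_from": came_from})
    return "https://domainb.example/sso?" + query


def redeem(token, came_from, now=None):
    """DOMAINB /sso handler: returns (status, headers) for the HTTP response."""
    now = time.time() if now is None else now
    entry = TOKENS.pop(token, None)          # pop = expire on first use, even if it fails
    if entry is None or entry[1] < now:
        return 403, {}                       # unknown, replayed or stale token
    user_id, _expires = entry
    target = urlsplit(came_from)
    if target.scheme != "https" or target.hostname not in ALLOWED_RETURN_HOSTS:
        return 400, {}                       # refuse to act as an open redirect
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = user_id
    # The cookie is set in DOMAINB's own response, so the browser accepts it.
    cookie = f"session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"
    return 302, {"Set-Cookie": cookie, "Location": came_from}


if __name__ == "__main__":
    url = issue_handoff_url("user-42", "https://domaina.example/login")
    print("Step 2 redirect:", url)
```
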