
Do you know how Google authenticates users for multiple domains/services with just one login? (Please don't just say SSO :D).

What I mean: When a user visits translate.google.com and authenticates here, he is also logged in at google.com, gmail.com, youtube.com etc. How is that working? The main problem is that sessions/cookies are only working for the domain they were created at.

I was thinking that, for logging in, the user is redirected to google.com and has to authenticate there. So when he is logged in here, he should also be logged in for foo.google.com, bar.google.com.... (see RFC 6265 - Domain set cookie for subdomain)

But it makes no sense since domains like youtube.com are working as well. Also I looked at the redirects with Firebug and there is no google.com.

See Firebug transfer here: http://www.noppen-lehrgang.de/data/goog.png

Also here is a list of the cookies Google sets when visiting the first time and after logging in: noppen-lehrgang.de/data/goog2.png

I have a website in PHP that is accessible through different domains and would like to have this functionality (the used domain affects the content). I have seen scripts like multidomain-sso (https://github.com/0k/multidomain-sso), which does AJAX calls to generate sessions for all needed domains. But this feels kind of dirty, especially when the number of domains grows.

Does anyone have some experience with that? I am sure it has something to do with SSO.. but when researching I only get stuff like OAuth and OpenID, which seems to be a solution to communicate with 3rd-Party-APIs generally.

Thanks for your help and time!! gerti

  • It doesn’t have to be a redirect that you can “see”, it can be requests done via JavaScript in the background as well. – CBroe Apr 08 '15 at 19:30
  • Since nobody's answered in 11 months, maybe https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language will help with further research if you're still curious. Will be interested in the answer myself. I've heard of SSO SAML solutions, but don't know who's using them. – Stephan Luis Mar 14 '16 at 21:45
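
The cookie-scoping rule the question runs into (RFC 6265 domain matching and storage), as an added example that is not part of the original post or comments and is not Google's code. The function names are hypothetical, the host names are taken from the question, and public-suffix, Path and Secure handling are omitted.

```javascript
// Added example: cookie scoping per RFC 6265 (sections 5.1.3 and 5.3), simplified.
// Public-suffix rejection and Path/Secure handling are left out (assumption).

const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 5.1.3: host domain-matches cookieDomain if the two are identical,
// or cookieDomain is a suffix of host on a label boundary and host is not an IP.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  return !isIp(host) && host.endsWith("." + cookieDomain);
}

// RFC 6265 5.3: decide how a Set-Cookie received from requestHost is stored.
// Returns null when the user agent must ignore the cookie.
function storeCookie(requestHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: cookie is bound to the exact host that set it.
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  if (!domainMatch(requestHost, domain)) return null; // foreign domain: rejected
  return { domain, hostOnly: false };
}

// Would a stored cookie be attached to a request for host?
function isSentTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Constructed scenario using the host names from the question.
function demo() {
  const shared = storeCookie("translate.google.com", "google.com");
  const hostOnly = storeCookie("translate.google.com", undefined);
  const foreign = storeCookie("translate.google.com", "youtube.com");
  return {
    sharedToSubdomain: isSentTo(shared, "foo.google.com"),
    sharedToOtherSite: isSentTo(shared, "youtube.com"),
    hostOnlyToSibling: isSentTo(hostOnly, "foo.google.com"),
    foreignAccepted: foreign !== null,
  };
}

console.log(demo());
```

A `Domain=google.com` cookie reaches every `*.google.com` host but never `youtube.com`, and a response from one site cannot set a cookie for another, which is why any cross-domain login has to involve a request to each registrable domain.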
