Shared login authentication between two domains?!

[tanya.wang]

Hi all,

We have a site called http://www.mydomainxyz.com/ and our network guy
has set up load balancing with multiple IIS servers. We also have a
function that allows users to upload photos on our website. Recently
we found that doing load balancing will cause the upload function not
workable sometimes and we came up with a plan by creating a specific
domain (let's say http://upload.mydomainxyz.com/) and linking it to
our primary web server. We expect that every uploaded pictures will be
stored under the folder of our primary IIS server. But here comes my
problem -

Since all users are required to login before uploading pictures, We
found that the new domain cannot carry over the login information that
our www domain already knows. In other words, if our users log in
http://www.mydomainxyz.com/, they have to login again when they switch
to the page beginning with upload. Is there any way that these two
domain can share the same login information without requiring them to
input login information again?

The http://upload.mydomainxyz.com/ will only be used for uploading
pictures only. All other pages we will use the www domain.

Here is what I did when login to www.mydomainxyz.com -

<%
set rs=server.createobject("adodb.recordset")
sql="select ID, username, pass from registration where username='" &
request("username") & "' and password='" & request("password")& "'"
set rs = conn.execute(sql)
if not rs.eof then
'Login cookies
response.cookies("login_situation")="OK"
response.cookies("login_name")=rs("username")
response.cookies("login_userid")=rs("Id")
else
response.redirect ("../login.asp")
end if

%>

 

[Anthony Jones]

Hi all,

We have a site called http://www.mydomainxyz.com/ and our network guy
has set up load balancing with multiple IIS servers. We also have a
function that allows users to upload photos on our website. Recently
we found that doing load balancing will cause the upload function not
workable sometimes and we came up with a plan by creating a specific
domain (let's say http://upload.mydomainxyz.com/) and linking it to
our primary web server. We expect that every uploaded pictures will be
stored under the folder of our primary IIS server. But here comes my
problem -

Since all users are required to login before uploading pictures, We
found that the new domain cannot carry over the login information that
our www domain already knows. In other words, if our users log in
http://www.mydomainxyz.com/, they have to login again when they switch
to the page beginning with upload. Is there any way that these two
domain can share the same login information without requiring them to
input login information again?

The http://upload.mydomainxyz.com/ will only be used for uploading
pictures only. All other pages we will use the www domain.

Here is what I did when login to www.mydomainxyz.com -

<%
set rs=server.createobject("adodb.recordset")
sql="select ID, username, pass from registration where username='" &
request("username") & "' and password='" & request("password")& "'"
set rs = conn.execute(sql)
if not rs.eof then
'Login cookies
response.cookies("login_situation")="OK"
response.cookies("login_name")=rs("username")
response.cookies("login_userid")=rs("Id")
else
response.redirect ("../login.asp")
end if

%>

Don't create multiple cookies use a single multi value cookie like this:-

Set oLogonCookie = Response.Cookies("Logon")
oLogonCookie("state") = "ok"
oLogonCookie("username") = rs("username")
oLogonCookie("userId") = rs("id")
oLogonCookie.Domain = "mydomainxyz.com"

Note the domain property above will cause the cookie to be sent with
requests for any host in the domain (i.e., both upload and www will receive
the cookie regardless of which created it).