<p>I had to set this up at my last job. The way it was handled was through some hand-waving and semi-secure hash passing.</p>
<p>Basically, each site, site A and site B, has an identical gateway setup on each domain. The gateway accepts a <code>user ID</code>, a <code>timestamp</code>, a <code>redirect URL</code>, and a <code>hash</code>. The <code>hash</code> is comprised of a <code>shared key</code>, the <code>timestamp</code>, and the <code>user ID</code>.</p>
<p>Site A generates the hash and sends all of the information listed above to the gateway at site B. Site B then hashes the received <code>user ID</code> and <code>timestamp</code> with the <code>shared key</code>.</p>
<p>If the generated hash matches the received hash, then the gateway logs the user in, loads their session from a shared memory table or memcached pool, and redirects the user to the received <code>redirect URL</code>.</p>
<p>Lastly, the <code>timestamp</code> is used to determine an expiration time for the provided <code>hash</code> (e.g. the hash is only valid for <code>x</code> time). Something around 2.5 minutes is what we used for our TTL (to account for network lag and perhaps a refresh or two).</p>
<p>The key points here are:</p>
<ul>
<li>Having a shared resource where sessions can be serialized</li>
<li>Using a shared key to create and confirm hashes (if you're going to use md5, do multiple passes)</li>
<li>Only allowing the hash to be valid for a small, but reasonable, amount of time.</li>
<li>This requires control of both domains.</li>
</ul>
<p>Hope that was helpful.</p>
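The gateway exchange the answer describes, as an added example that is not part of the original answer: site A builds the link carrying user ID, timestamp, redirect URL and hash; site B's gateway checks the timestamp against the TTL, recomputes the hash with the shared key, compares it, and loads the session from a shared store before redirecting. Assumptions not in the answer: HMAC-SHA256 is used in place of the unspecified hash construction, the redirect URL is bound into the MAC so it cannot be swapped in transit, each hash is accepted only once within its TTL, and the shared key, session store, user and URLs are constructed demo values.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo secret: provisioned out of band to both domains, never sent in the URL.
SHARED_KEY = b"constructed-demo-shared-key"
TTL_SECONDS = 150        # about 2.5 minutes, the TTL the answer reports using
CLOCK_SKEW_SECONDS = 30  # tolerate site A's clock running slightly ahead of site B's

# Stand-in for the shared session store (the answer's shared memory table / memcached pool).
SESSION_STORE = {
    "u123": {"user_id": "u123", "name": "alice", "roles": ["editor"]},
}

# Hashes already redeemed; a replay within the TTL is rejected (an addition, not in the answer).
_REDEEMED = set()


def make_hash(user_id: str, timestamp: int, redirect_url: str, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256 over user ID, timestamp and redirect URL under the shared key.
    The answer hashes key, timestamp and user ID; the redirect URL is bound in here too."""
    msg = f"{user_id}\n{timestamp}\n{redirect_url}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_gateway_url(gateway: str, user_id: str, redirect_url: str,
                      now: Optional[int] = None) -> str:
    """Site A: produce the URL the user is sent to on site B's gateway."""
    ts = int(time.time() if now is None else now)
    params = {"user_id": user_id, "ts": ts, "redirect": redirect_url,
              "hash": make_hash(user_id, ts, redirect_url)}
    return f"{gateway}?{urlencode(params)}"


def gateway_login(url: str, now: Optional[int] = None, key: bytes = SHARED_KEY) -> dict:
    """Site B's gateway: verify the request and return {'ok': True, 'session', 'redirect'}
    on success or {'ok': False, 'error'} on any failure."""
    try:
        q = parse_qs(urlparse(url).query, strict_parsing=True)
        user_id = q["user_id"][0]
        ts = int(q["ts"][0])
        redirect_url = q["redirect"][0]
        received = q["hash"][0]
    except (KeyError, ValueError):
        return {"ok": False, "error": "missing or malformed parameter"}

    # 1. Freshness: reject stale links before anything else touches the session store.
    age = int(time.time() if now is None else now) - ts
    if age > TTL_SECONDS or age < -CLOCK_SKEW_SECONDS:
        return {"ok": False, "error": "hash expired"}

    # 2. Integrity: recompute under the shared key and compare in constant time.
    expected = make_hash(user_id, ts, redirect_url, key)
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return {"ok": False, "error": "hash mismatch"}

    # 3. One-time use: the same valid hash is not honoured twice within the TTL.
    if received in _REDEEMED:
        return {"ok": False, "error": "hash already used"}
    _REDEEMED.add(received)

    # 4. Load the user's session from the shared store and send them to the redirect URL.
    session = SESSION_STORE.get(user_id)
    if session is None:
        return {"ok": False, "error": "no session for user"}
    return {"ok": True, "session": session, "redirect": redirect_url}


if __name__ == "__main__":
    t0 = 1_700_000_000
    link = build_gateway_url("https://site-b.example/gateway", "u123",
                             "https://site-b.example/dashboard", now=t0)
    print(gateway_login(link, now=t0 + 60))                                  # ok
    print(gateway_login(link, now=t0 + 61))                                  # already used
    print(gateway_login(link.replace("dashboard", "attacker"), now=t0 + 60))  # mismatch
    print(gateway_login(link, now=t0 + TTL_SECONDS + 1))                     # expired
```

In a real deployment the redeemed-hash set must live in the same shared store as the sessions, otherwise a second gateway instance behind a load balancer will accept the replay. The TTL check runs before the MAC check only to avoid doing a lookup for links that are obviously dead; the MAC check is what actually authenticates the request.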