4 Sep
2010
4 Sep
'10
11:54 a.m.
On 09/04/2010 01:07 AM, [Ricardo Rodriguez] eBioTIC. wrote:
Hi!
Following a comment in http://jira.xwiki.org/jira/browse/XEM-174 and
about xwiki.authentication.cookiedomains.
As far as in understand it allows to share cookies between sub domains
(for instance, wiki1.mydomain.com, wiki2.mydomain.com and
wiki3.mydomain.com) but not between domains (for instance mydomain.com,
yourdomain.com, theirdomain.net). As I am not sure about the
terminology, I'm using between, across, sub domains and domains as per
http://www.15seconds.com/issue/971108.htm
Am I right or is it currently possible to share cookies between domains
in a XWiki farm? For us, it is not possible to share a common part for
domain names of virtual wikis. It can't be wiki1.mydomain.com,
wiki2.mydomain.com but mydomain.com and yourdomain.com
What I am trying to avoid is that an user must to log in more than once
to access all the granted resources within a XWiki farm, mainly when
moving from a virtual wiki to the main wiki for, for instance, edit
his/her preferences or modify his/her profile.
It is impossible to send a cookie for a domain that's not a substring of
the current URL, since it would be a big security issue. Further, it is
impossible to set cookies for a TLD (.com).
One trick that might work, although I didn't try, is to use cross domain
AJAX requests which add cookies, but this is not a bulletproof solution:
- works only with JS
- works only in browsers that understand cross-domain requests
See https://developer.mozilla.org/en/HTTP_access_control and
http://www.w3.org/TR/cors/
But maybe you should try something else, like WebID
http://webid.myxwiki.org/
--
Sergiu Dumitriu
http://purl.org/net/sergiu/