#StackBounty: #authentication #cookies #single-sign-on Is it possible to use cookie-based single sign-on authentication scheme if sites…

Bounty: 300

According to Wikipedia, A simple version of single sign-on can be achieved over IP networks using cookies but only if the sites share a common DNS parent domain. This means that if the user has authenticated on login.foo.org, then the web-server on login.foo.org issues an authentication cookie for foo.org domain and the user is able to authenticate on sites like billing.foo.org or wiki.foo.org using that cookie. However, could the login.foo.org make a request to login.bar.org after a successful authentication and thus the user would get two authentication cookies: first-party cookie for foo.org domain and third-party cookie for bar.org domain?

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.