Simple SSO solution cookie implementation

SSO is the meaning of Single Sign-On. I believe everyone should know what are the benefits of using SSO. I will not talk much about it. Let's talk about my ideas directly.

 

My idea is to use cookies (cookies are restricted and will not be commented ). if cookie is used, the primary solution is the cross-domain issue of cookie. the key is that we cannot operate cookies in different domains. if the operation is successful, there will be no security. it can only save the country by curve. when logging on to a website, we can request other websites to send their cookies. I drew a picture. Let's take a look.

 

The third step is to use dynamic append script blocks or IMG objects to send requests to another website so that the website has the opportunity to write its own cookies.

 

The script block is as follows:

VaR S = Document. createelement ("script ");
S. src = "http://www.site2.com/a.aspx ";
Document. getelementsbytagname ("head") [0]. appendchild (s );

 

For example, IMG is simpler

 

In A. aspx, we can write back the corresponding cookie so that the corresponding cookie can be read during future access.

 

On the authentication server, not only does the authentication work, but also maintains the information of the site members of the Alliance.

 

This solution is relatively simple and has no security concerns. of course, if I want to use this solution on the Intranet, it is still feasible, as long as a small amount of preventive work can be done. at the same time, the amount of changes to the original application is not very large.

 

LabCodeDownload, http://p.blog.csdn.net/images/p_blog_csdn_net/greystar/EntryImages/20080807/SSO2.rar.jpg

After downloading the file name, change it to the file name. It is RAR. If you cannot find the file to be uploaded, change the suffix.