The idea of implementing SSO across the primary domain

The same primary domain (that is, all the subdomains under the same level of domain name) includes multiple server sharing session data implementation methods Many, here is not much to say!

The key issue now is the implementation of SSO for different primary domains! This problem is more complex, can be achieved, but a lot of the use of a special software system to support ...

In fact, the session also needs cookies to support, the cookie does not support across the primary domain determines the session can not cross the primary domain! So, how do you implement a cross primary domain???

This is another simple way that I suddenly think of when I implement SSO in my project for everyone to discuss

A, false with A.com, B.Com, c.com these three main domains, of which a.com is mainly responsible for verifying the pass (faster), B.Com and c.com are specific applications

II, B.Com and c.com and a.com some of their own applications need to a.com to obtain trust (landing)

Assign a subdomain passport to each primary domain. B.Com, Passport. c.com, their IP points to the host address where the a.com resides.

Four, after the user login through the verification, set up a jump rule, take session_id as a parameter, jump Passport. B.Com, Passport. C.com (in fact, these subdomains can be established to a host of the default site, through the array and some parameters can be achieved one by one fast jump), jump directly with the header of PHP ("Location:passport." B.com/?sid=xxxxxxxx&i=0 "); , at the same time, overwrite the current primary domain session_id for passing over the session_id on it.

Here are some considerations:

1, will each passport. X.com allocated to the same speed of the host, conducive to rapid jump, and the user can not see the complex jump process ...

2, the same host jump can avoid the intermediate jump link error causes jump failure.

I've only tested it on a native analog multi-domain, and it works fine; there are no specific tests on the Internet Network , please have a chance to try and offer a better SSO solution ...