Single sign-on and 'session' across two domains
Posted: Fri Feb 13, 2009 7:16 pm
I was wondering what the thinking was on trying to build an application that could take a logged-in customer across two separate domains on two separate server environments, so that they can navigate back and forth with the session data, such as a shopping cart, remaining intact. This isn't ideal, I know, but are there relatively easy technical means of doing it? We wouldn't want to pass values via URL for security reasons, and sessions are tied from client to one server, so it would seem the technical and security issues would make it impractical at best. So is restricting such an application to a single server environment (where even in a load-balanced farm session data is centrally stored) the only real practical solution?