Java
Guran, 2015-01-22 04:58:32

How to create a cross-domain session?

The essence of the problem: there are two sites, aaa.com and bbb.ru. Both run on Tomcat and are physically located on the same server, and both use the same database and one Redis, in which sessions are stored. How can I use one session on both sites when logging in to aaa.com and then going to bbb.ru?


4 answer(s)
yanchumak, 2015-01-22
@yanchumak

store sessions in db (s)KO

Nikolai Pavlov, 2015-01-22
@gurinderu

Store the session in a database or in a distributed cache.

papkinv, 2015-01-23
@papkinv

You can look at CORS.

Guran, 2015-01-24
@Guran

As a result, I came up with this option:
Redis stores the session on its own, but hands it out by a cookie tied to the browser; in Java it is called JSESSIONID, in PHP PHPSESSIONID. If you replace the ID in the cookies of the second site with the ID from the first, then in effect the session on both domains will point to the same block in Redis.
After that, it is enough to write a secure function on the sites to change cookies and, if necessary, to send IDs from one site to the other. I do this through a hidden iframe.
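
A hardened form of the ID hand-off described in this answer, as an added example that is not part of the original post: instead of putting the raw JSESSIONID in the iframe URL, the site the user logged in to issues a short-lived, single-use, HMAC-signed token bound to the target host, and the other site redeems it. The class name `SessionHandoff`, the shared key and the in-memory nonce set are assumptions; with the shared Redis from the question, the nonce set would live there.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class SessionHandoff {                       // hypothetical helper, not Tomcat API
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final byte[] key;                       // secret known to both sites (assumption)
    private final Set<String> usedNonces = ConcurrentHashMap.newKeySet(); // assumption: shared store in practice
    public SessionHandoff(byte[] key) { this.key = key.clone(); }
    private byte[] mac(String data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    /** Issued by the site the user logged in to; valid for ttlSec and for one target host only. */
    public String issue(String sessionId, String targetHost, long nowSec, long ttlSec) throws Exception {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);            // nonce makes each token unique
        String payload = String.join("|", sessionId, targetHost, Long.toString(nowSec + ttlSec), ENC.encodeToString(n));
        return ENC.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "." + ENC.encodeToString(mac(payload));
    }
    /** Returns the session ID, or null if the token is forged, expired, replayed or for another host. */
    public String redeem(String token, String myHost, long nowSec) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return null;
        String payload; byte[] sig;
        try {
            payload = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
            sig = DEC.decode(parts[1]);
        } catch (IllegalArgumentException e) { return null; }          // not valid base64url
        if (!MessageDigest.isEqual(mac(payload), sig)) return null;    // constant-time MAC check
        String[] f = payload.split("\\|");          // parsed only after the MAC has been verified
        if (f.length != 4 || !f[1].equals(myHost) || nowSec > Long.parseLong(f[2])) return null;
        return usedNonces.add(f[3]) ? f[0] : null;  // add() returns false on a replayed nonce
    }
    public static void main(String[] args) throws Exception {
        SessionHandoff h = new SessionHandoff("constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8));
        String t = h.issue("CONSTRUCTED-SESSION-ID", "bbb.ru", 1000, 30);  // constructed sample values
        System.out.println("first use:  " + h.redeem(t, "bbb.ru", 1010));
        System.out.println("replay:     " + h.redeem(t, "bbb.ru", 1011));
        System.out.println("wrong host: " + h.redeem(h.issue("CONSTRUCTED-SESSION-ID", "bbb.ru", 1000, 30), "aaa.com", 1010));
    }
}
```

The redeeming site should set its session cookie itself, with the `HttpOnly` and `Secure` attributes, once `redeem` returns a non-null ID.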
