• Post Reply Bookmark Topic Watch Topic
  • New Topic

Domains of cookie query

 
omkar patkar
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello friends,

I have a query. In my project there are 2 servers ( ... 2 different physical servers) ... so they have 2 different ip addresses.

But both of them have same domain.

Example: -
Server 1: - http://www.abc.com
Server 2: - http://xyz.abc.com

As you can see server 2 has a sub domain "abc.com".
My J2EE web application is hosted on both these servers.
The user at the time of login is directed to wards either of the servers based on certain condition.

The code deployed on these two servers, creates cookies for "Log me in for the day" functionality with the domain as " .abc.com "
Therefore, next time when user tries to access the system, through cookies, he is appropriately logged in to the server, that
had created the cookie.

But now a scenario has come up, in which, a third server is there. Its IP address is different from the Server 1 and Server 2
It is in different network. Its domain is also different.

Server 3: - http://www.pqr.com

My application cannot be hosted on Server 3 for business reasons.
However, users can access my application on Server 2 using login page hosted on Server 3.
And the "Log me in for the day" functionality needs to be retained.
That is the cookies should be created as they used to previously.

Please guide me, if i need to create the cookies with domain as ".pqr.com" so that if users try to log in again through Server 3
then, the user should be able to log in using cookies. There will be web server level redirection between Server 3 and Server 2

In brief, when user tries to hit following urls and access the system the flow will be as follows:-

-----------------------------------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------------------------------------

I hope i have not made it complicated....but please can some one guide me how i can manage the domains of the cookies?

Thanks and Regards
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's the domain of Single Sign-On (SSO) solutions, several of which are listed at http://faq.javaranch.com/java/SecurityFaq#web-apps
 
omkar patkar
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you so much Ulf, ...but i don't know what is SSO?
Can you give me some idea of it ?

Mine is a full fledged application, developed over a period of 3 years.
And we use, Struts 1.2.8, Spring 2, iBatis, Oracle database,
OC4J as application server and Apache as the web server.

Can you please tell me if implementing this SSO, would be simple and take less time ?

I am little skeptical if our client will agree to implement SSO in current stable application.
Besides, SSO, is there any workaround ?

Thanks and Regards
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Start here: http://en.wikipedia.org/wiki/Single_sign-on

Reading up on the individual SSO solutions listed at the link I gave earlier should give you an idea of how complicated it would be to integrate. Not sure what you mean by "take less time" - less time than what alternative?
 
omkar patkar
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you again Ulf, I was looking into the wiki resource for single sign on.
"less time" means, time taken to install, configure and integrate with existing software
and hardware, and after that it should work with existing application...so i am bit worried !
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!