Transparent user session over several sites (single sign-on + single sign-off)

独厮守ぢ 2020-12-04 06:26

I have several sites in different domains: example.com, example.org, mail.example.com and passport.example.org. All of th

7 answers
  •  被撕碎了的回忆
    2020-12-04 06:43

    AFAIK, Google just uses a cookie for the "Google.com" domain. But Google also uses OpenID which allows for a generic login mechanism. Basically, this works by redirecting you to a special login page. This login page will detect if you're logged in or not and if you're not logged in it will ask you to log in. Otherwise, it just redirects you straight to the next page.

    So, in your case a user would open somepage.example.com and the session for this app has no login ID. Thus it would redirect the user to logon.example.biz where the user will log in. Behind this page would also be a session and that session would tell that the user is already logged in. (Or not, in which case the user must log in first.) It then redirects the user to somepage.example.com?sessionid=something where this sessionid would be stored in the session of somepage.example.com. Then this session will also know that the user has logged on and for the user it would almost seem to be transparent.

    In reality, the user is redirected twice.
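
The two-redirect flow described in this answer, as an added example that is not part of the original answer: instead of a raw session id in the URL, the login site here returns a short-lived, single-use HMAC-signed ticket, and the return URL is checked against an allowlist. The shared key, allowlist, cookie values and function names are constructed for the illustration.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values: key shared by the login site and the apps, allowed return hosts.
SHARED_KEY = secrets.token_bytes(32)
ALLOWED_HOSTS = {"somepage.example.com", "mail.example.com"}
TICKET_TTL = 60                              # seconds a ticket stays valid
login_sessions = {"idp-cookie-1": "alice"}   # sessions held by logon.example.biz
app_sessions = {}                            # sessions held by the application
used_nonces = set()                          # tickets already redeemed

def _sign(msg):
    return hmac.new(SHARED_KEY, msg.encode(), hashlib.sha256).hexdigest()

def app_request(app_cookie, url):
    """App: serve the page if a local session exists, else redirect to the login site."""
    if app_cookie in app_sessions:
        return 200, app_sessions[app_cookie]
    return 302, "https://logon.example.biz/login?" + urlencode({"return": url})

def login_site(idp_cookie, login_url, now=None):
    """Login site: if the user has a session here, redirect back with a signed ticket."""
    ret = parse_qs(urlparse(login_url).query)["return"][0]
    target = urlparse(ret)
    if target.scheme != "https" or target.hostname not in ALLOWED_HOSTS:
        return 400, "return URL not allowed"   # refuse to act as an open redirector
    user = login_sessions.get(idp_cookie)
    if user is None:
        return 200, "show login form"
    exp = int(now if now is not None else time.time()) + TICKET_TTL
    body = f"{user}|{target.hostname}|{exp}|{secrets.token_hex(8)}"
    sep = "&" if target.query else "?"
    return 302, ret + sep + urlencode({"ticket": body + "|" + _sign(body)})

def app_callback(url, now=None):
    """App: verify the ticket, then issue a fresh local session id (the ticket is not reused)."""
    parsed = urlparse(url)
    ticket = parse_qs(parsed.query).get("ticket", [""])[0]
    body, _, mac = ticket.rpartition("|")
    if not hmac.compare_digest(mac.encode(), _sign(body).encode()):
        return None                            # forged or modified ticket
    user, host, exp, nonce = body.split("|")
    now = now if now is not None else time.time()
    if host != parsed.hostname or int(exp) < now or nonce in used_nonces:
        return None                            # wrong site, expired, or replayed
    used_nonces.add(nonce)
    cookie = secrets.token_urlsafe(16)
    app_sessions[cookie] = user
    return cookie
```

The ticket only bootstraps the local session; the cookie the application sets afterwards is a new random value, so a ticket leaked through a referrer or log cannot be replayed once redeemed or expired.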
