问题
I have implemented SingleSignOn for my DNN site say www.example1.com. There is another site called www.example2.com. Both the sites will redirect to a common login page which uses a webservice to authenticate the users from external database.
The problem is, when i clicks on login button in example1.com, the user will be redirected to common sso login page, and after successful authentication, he will be redirected back to the original site. If I opens a new tab and enters the url that example2.com, the user is not being logged in.
But, if i clicks on login button in example2.com, the user is automatically getting logs in.
What I want exactly is, when I logs into one site in first tab and opens another site in the second tab, on the page load only the user should be logged in, but not on the login click.
How can I handle this issue ? Any help is appreciated.
回答1:
I do something similar to this.
Your database should track users currently logged in. Before you redirect to the common login page, you should check if the user is logged in. Your example2.com is not checking to see if the user is logged on before redirecting to the common login page.
Here is how ours works:
- Both sites must check for cookie/Token before redirecting
- User Logs into site and is Authenticated
- Writes User to Token database
- Stores Token in cookie with expiration
- Subsequent requests read the token from the cookie and validate against Token database
- When user logs out, cookie and database entry are deleted
- If user does not log out properly, you must clean up tokens on a set interval
来源:https://stackoverflow.com/questions/18621303/dnn-single-sign-on-through-webservice