Just curious how Stack Overflow uses single sign on across domains. I believe this is something with Apache most likely since cookies fail cross domain. Here’s a great example of it in action if you don’t know what I’m dribbling on about.
- Click your username all the way at the top of the page
- Scroll to the bottom of the page, and click another “account” other than Stack Overflow (e.g. SuperUser)
If you look, you are still logged in as a user. Particularly you.
This kind of is an interesting thing, we can vote out the fact that
Stack passes cookies, since they invalidate cross domain, which begs
the question of what exactly they do to keep you logged in cross domain?
Is it the image trick (I’ve heard of using gifs to relay information),
does it have something to do with OpenID, or something else entirely?
I know that there are multiple SSO solutions such as JOSSO, OpenSSO,
CAS, Shibboleth and many others. I do appreciate the seamless nature
Stack Overflow has and am just curious if anyone knows their implementation.
They do not share credential information. You have to log on separately on each site. If you log out of superuser, you will still be logged in to stackoverflow.
Check out your cookies; you have one called `usr` for each domain.
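Added example, not part of the original question or answer and not Stack Exchange's code: a minimal model of the RFC 6265 domain-matching rules that keep one site's `usr` cookie from being set for, or sent to, the other site. The cookie values and the choice of `Domain` attribute are constructed for illustration, and the public-suffix check real browsers also apply is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Cookie:
    name: str
    value: str
    domain: str       # normalised: lower case, no leading dot
    host_only: bool   # True when Set-Cookie carried no Domain attribute

def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: identical, or host is a name ending in '.' + cookie_domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    return not _is_ip(host) and host.endswith("." + cookie_domain)

def accept(request_host: str, name: str, value: str,
           domain_attr: Optional[str] = None) -> Optional[Cookie]:
    """Storage rule: a response may set a cookie only for its own host or a parent of it."""
    if not domain_attr:
        return Cookie(name, value, request_host.lower(), host_only=True)
    domain = domain_attr.lstrip(".").lower()
    if not domain_match(request_host, domain):
        return None  # e.g. stackoverflow.com naming Domain=superuser.com is dropped
    return Cookie(name, value, domain, host_only=False)

def cookies_for(host: str, jar: List[Cookie]) -> List[str]:
    """Retrieval rule: host-only cookies need an exact host, others a domain match."""
    host = host.lower()
    return [f"{c.name}={c.value}" for c in jar
            if (host == c.domain if c.host_only else domain_match(host, c.domain))]

def build_demo_jar() -> List[Cookie]:
    # Constructed Set-Cookie events: (responding host, Domain attribute, value).
    events = [("stackoverflow.com", "stackoverflow.com", "so-session"),
              ("superuser.com", None, "su-session"),
              ("stackoverflow.com", "superuser.com", "forged")]
    stored = (accept(host, "usr", value, attr) for host, attr, value in events)
    return [c for c in stored if c is not None]
```

Each site ends up with its own `usr` entry in the jar, so clearing one leaves the other untouched.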