We have two websites. What we want is for a user to log into one website, then, when he goes to another website, he no longer needs to login.
What I did was to place an image on the web page of the first website, which is shown after user logs in. That image is downloaded from the second website. In the action method in the second website which serves the image, I place an authentication cookie and logs user in.
Contradicting outcome:
-
After user logs into the first website, he still has to log into the second website. Although the image was indeed downloaded from the second website, it did not insert an .ASPXAUTH cookie.
-
However, if I manually invoke that action method by placing the URL of that action method into browser and hit enter, the second website did insert a .ASPXAUTH cookie, and I no longer need to log into the second website.
What's the difference between the web page on the first website downloading the image, and me doing it manually?
Aucun commentaire:
Enregistrer un commentaire