Posted by David Smithz on 08/21/06 23:54

"David Dorward" <dorward@gmail.com> wrote in message >
> The authentication information would have been sent from the server to
> Hotmail, then Hotmail would have sent the response back to the server.
>
> The server is now logged into Hotmail.
>
> The server can then pass the data to the client. The client isn't
> logged into Hotmail, so any attempt to follow the links to Hotmail
> would leave Hotmail saying "Go away, you aren't logged in". (and that's
> assuming the links are not relative ones in the first place).
>
> The server cannot log the client into Hotmail because it doesn't have
> permissions to set cookies that are valid on the hotmail.com domain.


Thanks for that David. Well described. I assume the authentication is always
going to be by some session cookie held on the server to allow
authentication. Is there no way the authentication cookie could just be
handed to the web browser on the users PC?

Just a last stab to make sure there is positively, absolutely no way of
doing this without having to rewrite all the URL's etc.

Also Andy Dingley has described it as being possible using single signon,
but of course he must be assuming that the websites I am talking about are
participating in the scheme, which they are not.

Cheers

[Back to original message]