[thesite] new authentication ideas for evolt

Daniel J. Cody djc at starkmedia.com
Fri May 18 23:08:07 CDT 2001

matt had an excellent idea today about our problem with logging into all 
of the new evolt sites we've got going right now.

the problem is that we have X.evolt.org and what we're doing now is 
querying against that particular sites DB for member authentication. for 
sites that we *may* not want to have access to a copy of the user 
information, this is a bad thing. the need though still remains that we 
should have a centralized DB to authenticate against.

the solution is pretty much a passport.com site just for evolt sites. 
example: i go to dan.evolt.org, the login form there goes to a 
centralized place, login.evolt.org for example. i enter my username and 
password, and the form submits to login.evolt.org.. login.evolt.org does 
a lookup on the info that got sent, checks it against our main DB, and 
if i'm a registered member, it sets a cookie for the *.evolt.org domain 
and redirects me back to the dan.evolt.org site. dan.evolt.org then 
checks for an *.evolt.org cookie, and if i have it, authenticates me. 
other info like username and userid could be put in this cookie as well. 
this is a good thing because we're not tied down to one language 
anymore. if dan.evolt.org runs python, i just code that page to check 
for the *.evolt.org cookie.

i'm still working out the details and process for this. anyone got 
comments or other stuff that could expediate it or thoughts?

this could be a really good thing IMO. props to matt for suggesting it :)


More information about the thesite mailing list