I am hoping someone can help me come up with the best way to accomplish my goal.
Ideally I would like to have https://login.example.com handle the user authentication, password reset, etc. Once the user is logged in, they are forwarded to the actual application.
I am trying to figure out the best way to handle the second part, in a secure way. I could go with some kind of SSO solution, like OpenAM, but that seems a little overkill to me. I could have the login.example.com add a token to a database somewhere, set a cookie, then forward to the application, and then validate the token, but then I have to manage a database of tokens, removing expired tokens, etc.
This seems like a common way to do things, for example, https://login.mailchimp.com or https://login.salesforce.com.
Any suggestions would be greatly appreciated.
Derek
On Sep 6, 2012, at 11:07 AM, Shing Wai Chan <shing.wai.chan_at_oracle.com> wrote:
> We don't support setting path for JSESSIONIDSSO's domain for security reasons.
> Shing Wai Chan
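
The token-database handoff described in the message above, as an added example that is not part of the original thread: the login host issues a short-lived, single-use token after authentication, and the application redeems it before creating its own session. The table name, the 60-second lifetime, the function names, and the in-memory SQLite database standing in for a store shared by both hosts are all assumptions.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 60  # assumed lifetime of a handoff token


def open_store():
    # In-memory store for the demo; both hosts would share a real database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE handoff (digest TEXT PRIMARY KEY, username TEXT, expires REAL)")
    return db


def _digest(token):
    # Store only a hash so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(db, user, now=None):
    """Login host: called only after the user has authenticated."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable random value
    db.execute("INSERT INTO handoff VALUES (?, ?, ?)", (_digest(token), user, now + TTL_SECONDS))
    db.commit()
    return token


def redeem_token(db, token, now=None):
    """Application: returns the user name, or None if unknown, reused or expired."""
    now = time.time() if now is None else now
    d = _digest(token)
    row = db.execute("SELECT username, expires FROM handoff WHERE digest = ?", (d,)).fetchone()
    # Delete on first presentation so a replayed token finds nothing.
    cur = db.execute("DELETE FROM handoff WHERE digest = ?", (d,))
    db.commit()
    if row is None or cur.rowcount != 1 or row[1] < now:
        return None
    return row[0]


def purge_expired(db, now=None):
    """Housekeeping: remove tokens that were issued but never redeemed."""
    now = time.time() if now is None else now
    cur = db.execute("DELETE FROM handoff WHERE expires < ?", (now,))
    db.commit()
    return cur.rowcount
```

Because redemption deletes the row, the only tokens left for `purge_expired` to clean up are those that were never presented to the application.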