Hi.
This is wrt GT Apps which permit url based sessions (like GM/LSQL) which are necessary for WAP Support as WAP would not work on cookie based sessions.
Now onto the following which could make *such GT apps on different domain* integrated with GC
(1). Once a user logs in to GC, the "session id" value of of the GC Linked GT Apps for a given user be updated with the sess_id value in GC.
(2). Then for the URL Based Session GT Apps, the user_home.html have a link like following for LSQL on a separate domain for example:
<a href="url/to/page.cgi?s=<%sess_id%>">LSQL Site</a>
Where <%sess_id%> is the GCom session id for the given user.
Could try this manually updating the table for GC, and LSQL on different domains and found that the user could roam around LSQL site as "Authenticated"
Currently, <%sess_id%> is not available as template tag in GC so it could not be tested by placing a link ion user_home.html
URL Based sessions could raise a concern from session hijacking security angle. Have seen hotmail/yahoo/rediffmail all work on url based sessions so that shouldn't be an issue ... unless of course WAP support is to be taken out from GT Apps.
Can the following be possible and how:
Thanks
Anup
This is wrt GT Apps which permit url based sessions (like GM/LSQL) which are necessary for WAP Support as WAP would not work on cookie based sessions.
Now onto the following which could make *such GT apps on different domain* integrated with GC
(1). Once a user logs in to GC, the "session id" value of of the GC Linked GT Apps for a given user be updated with the sess_id value in GC.
(2). Then for the URL Based Session GT Apps, the user_home.html have a link like following for LSQL on a separate domain for example:
<a href="url/to/page.cgi?s=<%sess_id%>">LSQL Site</a>
Where <%sess_id%> is the GCom session id for the given user.
Could try this manually updating the table for GC, and LSQL on different domains and found that the user could roam around LSQL site as "Authenticated"
Currently, <%sess_id%> is not available as template tag in GC so it could not be tested by placing a link ion user_home.html
URL Based sessions could raise a concern from session hijacking security angle. Have seen hotmail/yahoo/rediffmail all work on url based sessions so that shouldn't be an issue ... unless of course WAP support is to be taken out from GT Apps.
Can the following be possible and how:
- Update the sessions table of all GC Linked GT Apps as soon as user logs in to GC with the value of <%sess_id%> from GC
- Making GC's session id available as template tag <%sess_id%>
Thanks
Anup