The scenario is a multi-site installation (on V13) where the FE-user may conduct a login from any site (each has a page with felogin etc). The idea would be that the user does the login on domain-a.tld and when switching to domain-b.tld, he will be logged in as well.
I’m aware that this can be tricky and might raise also questions from a security point of view. The whole setup in TYPO3 (trustedHostsPattern, CookieDomains) and on the Server CORS-Setting is done. A similar setup for another project based on subdomains works like a charm.
However, it’s not clearly ruled out, that this might not also work with TLDs. The question is now if the usage of multiple TLD is not possible at all or if it’s just a matter of a correct configuration.
If not possible we have to consider then a SSO solution by OAuth perhaps.
Thanks for any help / insights, helping to point me to the right direction
I’m not a cookie expert, but there are a number of browser and privacy features that will probably interfere with sharing cookies.
The most compatible, therefore, may be to do as you suggest, and use SSO. If the user is authenticated on the authentication domain, they don’t have to enter the password every time. It would be a quick and automatic back-and-forth.
usually there is a “centralized” authentication provider. let's call that one my-auth.com in our example.
if you want to log into my-other-site.com what happens behind the scenes is your browser is redirected to my-auth.com with parameters describing the origin of the SSO request (and you perform a login there, or use an existing session) and then get redirected to my-other-site.com (with parameters to identify the account) and then my-other-site.com creates a new session (cookie) with that account information.
if you want to give the user the feeling that they are just “magically” logged in, you need some JavaScript code which communicates with my-auth.com
Importantly, this is added in a later comment:
“the ‘centralized’ service does not have to be external. you could have something like auth.my-domain.com which runs on your TYPO3.”
Hope this helps. Let me know how it goes and what solution you go for in the end!
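
The redirect handoff described in the reply above, as an added sketch that is not part of the original thread and is not TYPO3 code: the auth host issues a short-lived signed ticket bound to one target site, and that site verifies it once before creating its own session cookie. The shared key, the allow-list, the function names and the `fe_user:42` id are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed values: key shared by the auth host and the sites, and the
# list of sites the auth host is willing to redirect back to.
SHARED_KEY = secrets.token_bytes(32)
ALLOWED_SITES = {"https://my-other-site.com", "https://domain-b.tld"}
TICKET_TTL = 30          # seconds a ticket stays valid
_used_nonces = set()     # per-site replay cache (in-memory for the sketch)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _sign(payload: bytes) -> str:
    return _b64(hmac.new(SHARED_KEY, payload, hashlib.sha256).digest())

def issue_ticket(user_id, return_site, now=None):
    """Runs on my-auth.com once the user has a valid session there."""
    if return_site not in ALLOWED_SITES:      # refuse open redirects
        raise ValueError("return site not allowed")
    now = time.time() if now is None else now
    claims = {"sub": user_id, "aud": return_site,
              "exp": int(now) + TICKET_TTL, "nonce": secrets.token_hex(16)}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _sign(payload)

def redeem_ticket(ticket, this_site, now=None):
    """Runs on the receiving site; returns the user id or None."""
    now = time.time() if now is None else now
    try:
        body, sig = ticket.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError:                        # malformed ticket
        return None
    # Constant-time check of the signature before trusting any claim.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    claims = json.loads(payload)
    if claims["aud"] != this_site or claims["exp"] < now:
        return None                           # wrong site or expired
    if claims["nonce"] in _used_nonces:
        return None                           # ticket already used
    _used_nonces.add(claims["nonce"])
    return claims["sub"]                      # caller now sets its own cookie

if __name__ == "__main__":
    t = issue_ticket("fe_user:42", "https://domain-b.tld")
    print(redeem_ticket(t, "https://domain-b.tld"))   # first use succeeds
    print(redeem_ticket(t, "https://domain-b.tld"))   # replay is rejected
```

Because the ticket travels in a URL, the short lifetime, the audience binding and the single-use nonce are what keep a leaked link from being usable on another site or a second time.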