|
|
|
|
|
|
by hirsin
1633 days ago
|
|
|
There's a legitimate engineering issue here too that bears mentioning. Your marketing team will charge ahead with migrating all your product.business.com sites to just product.business You'll get half a year into that migration before someone asks about shared domain cookies. Oh, login.business.com dropped an SSO cookie on business.com? After that you'll get the lovely request - you work with the browser people, can't we just edit the standard to drop a cookie on a TLD? |
|
|
I would really like a better solution; but that appears to live solidly within a successor to current HTML pages, something designed from inception with security contexts in mind. Maybe they can fix login / logout / credential management too; I really hope they just use kerberos.