From: Aaron H. <aaron@MetroNY.com> - 2003-05-08 14:30:15
|
> > >This works for what it does, but as others have alluded to there are >other problems, eg. sessions are shared between sites (contexts), so >loggin in at one site means you are logged in at all of them. I need >more code to clear the session state when switching sites. (Or do this a >different way.) > > If you use different a host.domain.com and use cookie sessions then the browser will manage two different sessions when accessing your site. The browser will only send the cookie for that particular domain so in your case it may not be an issue. You could also have a slight differnce in your user object. I just set a User.company flag and then in secure page I did something like if user.company = 'scomsci' or user.company='metrony': login.... In my login I did : SQL = select * from users where username=%s AND password=%s and company in ('%s', 'metrony') This way I could use my account to login in to any site, but then again I am lazy. See - its a Feature. |