
How to check if a user is logged in on another domain? - r4victor
My website (A) should display a content only for those users who is logged in on another website (B) which is on another domain. I can&#x27;t access the cookies, so I have to look for another options.<p>The only way of doing this I see right now is to send XMLHttpRequest to B using CORS with credentials and since B has an access to session cookie of its origin it can response whether the user is logged in or not. The response has to be send to server A via AJAX so it could determine what kind of content to display.<p>But how should the response look? How to handle it? As long as client controls this area yes&#x2F;no answer is not the choice. What kind of data can I pass so that client won&#x27;t be able to send fake valid request to A?<p>B is not the only website I need to interact this way with. There are C, D, E... and every has its own authentication system, so I can&#x27;t use SSO.
======
zer00eyz
Have you looked at oauth? This is the sort of thing it was designed for, but
it assumes that all the domains support it.

------
chatmasta
If you can’t use shared cookies, then you need something like oAuth.
Ultimately there needs to be some sort of authentication token in the HTTP
request/response. Where that token comes from is up to you, but it certainly
should not come from the client.

