I've faced a similar situation (Though not with Zope at all actually) ... The way I prefered was to set the cookies for both domains in one pass, by using cascading scripts on each server, so that when you log in to one, it sets cookies for itself, and then transparently calls a script on the other site asking IT to set cookies for itself. This of course depends on both sites using the same cookies, which may or may not be the case depending on exactly how you authenticate. But it's an option, Cheers, J.F. -----Original Message----- From: Thierry FLORAC [mailto:thierry.florac@onf.fr] Sent: Friday, March 07, 2003 12:57 PM To: zope@zope.org Subject: [Zope] Single authentication for several servers Hi, I'd like to setup this environment : - I have a first site, handled by Zope, behind an Apache server and rewrite rules. Authentication on this server is done throught an LDAP server with LDAPUserFolder. - I have a second site on a different server, handled by Apache+PHP. Authentication on this server is done throught the same LDAP server, so with the same login/password, throught mod_ldap. My problem is that when I switch from the first server to the second, I'd like to avoid a second authentication. So my idea was to access to server2 throught "http://www.site1.com/site2", with Apache handling a new rewrite rule in proxy mode. Do you think that it should work (I can't test easilly before asking you !!) ?? Of course : - I don't have any SSO solution ; - I can't rebuild my PHP application with Zope before several months :-(( (but I can update scripts to take the new access path into account). Thanks for any help or advise. Thierry -- Linux every day, keeps Dr Watson away... http://gpc.sourceforge.net -- http://www.ulthar.net _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )