Token for cross domain authentication
CDA works like this:
- Access to CDA handler
- No Cookie -> redirect on portal
- Portal see we are from a CDA domain
- Portal redirects on CDA Handler with session_id in URL (as GET parameter)
We could just redirect the user with a token in URL, and then the Handler would call directly the portal to get the real session ID. This can avoid to keep the session_id in users's history.
This will be a configuration option, because this requires a direct access between Handler and Portal, and maybe activation of SOAP services.