Web sites may perform user authentication to control access to certain resources, such as information, products and/or services. For example, a web site may require a user to register and sign in using credential information, such as user name and password, to access member areas of the web site. The user can gain access to the web pages located in the member areas after submitting the correct user name and password for authentication.
A typical web browser allows a web page to store a piece of information, known as a cookie (or web cookie or http cookie), which is accessible to other web pages in the same web domain. The web browser receives a cookie from a web server and provides the cookie back to the web server so that the web server can relate separate web requests via the information stored in the cookie.
A web site may use cookies to indicate that the web site has used a login page to authenticate the user of the web browser; and other web pages in the same web domain can check the cookie to determine whether the current user is an authorized user. The cookie may expire after a predetermined period of time, or after the user signs off from the web site.
For privacy and security reasons, a web browser typically prevents web pages in a first web domain from accessing a cookie set by a web page in a second web domain different from the first web domain.
There are systems that use single sign-on authentication methods, which allow a user to authenticate once and gain access to the resources of multiple systems. For example, a centralized authentication server may perform user authentication for multiple systems.