community September 11, 2010

Global Network Auto-Login

Jeff Atwood
Co-Founder (Former)

We now support automatically logging in to any site in the Stack Exchange network.

By that I mean, as long as …

  1. You have recently logged in to any Stack Exchange network site
  2. You hold an existing account on the target site you’re navigating to
  3. You are using the same OpenID credentials

… the site you’re navigating to will automagically log you in! You’ll see a notification bar at the top to let you know when you’ve automatically logged into a site.

(We just forced every registered account in the entire network to log off and log back in to ensure that everyone has logged in under this new regime — so everyone should meet criteria #1 by definition.)

Global logins are tricky for us because we need cross-domain identity. That is, each of the following sites should, somehow, just magically know who you are:

  • stackoverflow.com
  • serverfault.com
  • superuser.com
  • stackexchange.com

(not to mention that all current Stack Exchange 2.0 sites will eventually have custom domain names of their own choosing.)

While subdomains such as chat.serverfault and meta.serverfault are easy if you store your cookies the right way, getting access to cookies at different domains is, to put it charitably, a friggin’ nightmare. The whole third party cookie story — that is, reading or writing cookies stored at a domain other than the one you’re currently on — is irreversibly screwed up, and getting worse with every new browser release, thanks mostly to unscrupulous ad networks.

So, we gave up on using third-party cookies. Instead, we use HTML 5 Local Storage for global authentication, at our centralized domain stackauth.com. Now, this does require a modern browser, though not unreasonably so: IE8+, Chrome, Safari, Firefox 3.6+, and Opera 10.61+ are all supported.
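
The cookie-scoping rule behind the subdomain remark above, as an added example (not Stack Exchange's code): RFC 6265 domain matching decides which hosts receive a cookie, so a cookie scoped to serverfault.com reaches its chat and meta subdomains but can never reach stackoverflow.com. The `.com` hostnames for chat and meta and the look-alike `xserverfault.com` are constructed sample values.

```javascript
// RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain,
// or ends with "." + cookie domain (and is not an IP address).
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (host === cookieDomain) return true;
  const isIp = /^[0-9.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Which of `hosts` would be sent a cookie that `setterHost` tries to set?
// domainAttr === null models a host-only cookie (no Domain attribute).
// Public-suffix rejection (e.g. Domain=com) is left out of this sketch.
function cookieRecipients(setterHost, domainAttr, hosts) {
  if (domainAttr === null) {
    // Host-only cookies go back to the exact host that set them.
    return hosts.filter((h) => h.toLowerCase() === setterHost.toLowerCase());
  }
  // Browsers ignore a cookie whose Domain the setting host does not match,
  // which is why one site cannot plant a cookie for an unrelated domain.
  if (!domainMatches(setterHost, domainAttr)) return [];
  return hosts.filter((h) => domainMatches(h, domainAttr));
}

// Constructed host list: the network sites named in the post plus subdomains
// and one look-alike that shares a suffix without the dot boundary.
const hosts = [
  "serverfault.com",
  "chat.serverfault.com",
  "meta.serverfault.com",
  "xserverfault.com",
  "stackoverflow.com",
  "superuser.com",
  "stackexchange.com",
];

const cases = [
  ["serverfault.com", "serverfault.com"],   // shared with subdomains
  ["serverfault.com", null],                // host-only: subdomains miss out
  ["serverfault.com", "stackoverflow.com"], // cross-domain: rejected
];
for (const [setter, domain] of cases) {
  const got = cookieRecipients(setter, domain, hosts);
  console.log(`${setter} sets Domain=${domain}: ${got.join(", ") || "(rejected)"}`);
}
```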

Kevin has labored mightily to get all this working, and we’ve been silently running beta revisions of global auth across the network for the last two or three weeks as we work out the kinks and test. We now think it’s (mostly) ready for prime time.

As with all things technically complex, there are some caveats. Global auth should work fine in the typical case — and even if global auth is completely down, it can never prevent you from logging into a site the traditional way. But please be advised that we may not be able to automatically log you in, if …

  • You’ve been to the target site recently without a global auth session (click the “login” link at the top of every page to force it)
  • You’re using some sort of anonymizer that interferes with HTTP Referrer
  • You aren’t using the same OpenID across all sites
  • You’re visiting a per-site meta without first logging into the parent (child metas don’t use global auth; they rely on identity coming from the parent site.)

(And if you’re looking for excruciating technical detail on how this all works, Kevin has documented that here on meta.)

If you have issues with global auth and need to troubleshoot, I suggest starting by forcing a global logout — you can do this by clicking “log out”, then clicking the big “log out everywhere” button.

Bear in mind that you must hold accounts on the sites — global authentication will not automatically create accounts for you (with the lone exception of http://stackexchange.com itself). That said, as long as you’re logged into one account in our network, you should now be automatically logged into all your accounts.
