Cross Domain Authentication

Posted 2019-01-14 22:14

Question:

I am curious about how cross-domain authentication works. For example, to sign into Orkut.com you need to sign in via Google.com. So the authentication happens at Google.com and it sets the cookie. So my question now is: how is Orkut.com able to read this cookie or authenticate the user with no other information?

What can possibly go wrong?

Answer 1:

This link might be helpful.

http://code.google.com/apis/accounts/docs/AuthForWebApps.html

Keep in mind, Orkut is one of the Google services.

OpenID is another solution, which is actually used in SO.



Answer 2:

Orkut is probably using Google's OpenID+OAuth for authenticating users. This means that you probably have a Google identity URL stored in your Orkut profile, and Orkut sends you to Google so that you can verify that the users signing in through the browser do indeed own the Google identity. If Orkut gets verification that you own the identity, then Orkut can safely assign you the authentication cookies for Orkut.
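
The flow this answer describes, as an added sketch that is not part of the original post and is not Google's or Orkut's code: the relying party never reads the identity provider's cookie; it verifies a signed assertion carried back in the redirect, rejects forged, misdirected, stale or replayed ones, and only then sets its own cookie. The shared key, the `example` URLs and the field names are assumptions, and real OpenID/OAuth messages use a different wire format.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlencode, parse_qsl

SHARED_KEY = secrets.token_bytes(32)              # constructed: key both sites agreed on beforehand
RP_RETURN_TO = "https://rp.example/login/return"  # hypothetical relying-party URL
_seen_nonces = set()                              # relying party's replay cache

def _mac(fields):
    # Sign a canonical (sorted) encoding of every field in the assertion.
    msg = urlencode(sorted(fields.items())).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()

def idp_issue_assertion(identity, return_to, now=None):
    """Identity provider: the user is already signed in there (its own cookie)."""
    fields = {"identity": identity, "return_to": return_to,
              "nonce": secrets.token_hex(16),
              "issued": str(int(now or time.time()))}
    fields["sig"] = _mac(fields)
    return return_to + "?" + urlencode(fields)    # the browser is redirected to this URL

def rp_verify(redirect_url, max_age=300, now=None):
    """Relying party: return (identity, session_cookie) or raise ValueError."""
    base, _, query = redirect_url.partition("?")
    fields = dict(parse_qsl(query))
    sig = fields.pop("sig", "")
    if not hmac.compare_digest(sig, _mac(fields)):
        raise ValueError("bad signature")
    if base != RP_RETURN_TO or fields.get("return_to") != RP_RETURN_TO:
        raise ValueError("assertion was issued for another site")
    if abs((now or time.time()) - int(fields["issued"])) > max_age:
        raise ValueError("assertion expired")
    if fields["nonce"] in _seen_nonces:
        raise ValueError("replayed assertion")
    _seen_nonces.add(fields["nonce"])
    # Only now does the relying party mint a cookie, scoped to its own domain.
    return fields["identity"], secrets.token_urlsafe(32)
```
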