Question

OK, so in building an x domain sso bit of logic we have reached an unknown.

To use JSONP or window.postMessage & MessageChannel (MessageChannel) for windows bastard child IE10.

The logic is (apparently fairly std). One master domain, 2 other domains (site2 and site3). Logging into site1:

  1. user posts a form to master domain.

  2. master domain, logs user into master and redirects back to site1.com/sso?token=uhytchvgjb

  3. site1/sso decrypts token and logs user into site1

This logic works fine and makes sense. Now enter "in-context login". ie, js lightbox popup, login, convert page to logged in state.

The above 3 steps can be done in an iframe, but then I would need to deploy the use of postMessage to alert the parent window of a successful login. However, upon researching, postMessage is not IE friendly (shocker). So I would have to use MessageChannel, but then that seems like extra work for one annoying browser.

Is it possible to use jQuery ajax and JSONP? ie, logging into site1:

  1. user posts via ajax data to master domain

  2. master domain authenticates details and logs in current user and returns in the response a token to the client.

  3. the client on receipt of response passes token back to site.com sso check and returns a success to client

  4. client then converts page to logged state or redirects to rel logged in page.

The above seems sensible and feasible. The question is, if the JSONP method was used, would the client be logged into the master domain or not?


Solution

Yes.

When a JSONP request is sent to the secondary website, the response may contain Set-Cookie headers. A session cookie can be set for the secondary website this way. So, a session may be started for it too. And the logged-in flag can be set.
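The iframe-plus-postMessage option described in the question, as an added example that is not part of the original question or answer: a parent-page handler that accepts the "login succeeded" message only from the master domain and only for the login attempt it started. The origin `https://master.example`, the message shape `{type, state, token}` and the `pending` object are assumptions made for illustration.

```javascript
// Added example: parent-page handler for the in-context (iframe) login flow.
// MASTER_ORIGIN and the message shape {type, state, token} are assumptions.
const MASTER_ORIGIN = "https://master.example"; // placeholder for the master domain

// Returns the local /sso URL to call, or null if the message must be ignored.
// `pending` describes the login attempt: {state, frameWindow, used}.
function acceptLoginMessage(event, pending) {
  // 1. Only the master domain may announce a login; compare the full origin exactly.
  if (event.origin !== MASTER_ORIGIN) return null;
  // 2. The sender must be the login iframe we opened, not some other frame or window.
  if (pending.frameWindow && event.source !== pending.frameWindow) return null;
  const msg = event.data;
  if (!msg || typeof msg !== "object" || msg.type !== "sso-login") return null;
  // 3. The state value ties the message to this login attempt and is single-use.
  if (pending.used || typeof msg.state !== "string" || msg.state !== pending.state) return null;
  // 4. The token is opaque here but bounded; the server behind /sso still verifies it.
  if (typeof msg.token !== "string" || !/^[A-Za-z0-9_-]{8,512}$/.test(msg.token)) return null;
  pending.used = true;
  return "/sso?token=" + encodeURIComponent(msg.token);
}

// Browser wiring; returns false when there is no window (e.g. under Node).
function listenForLogin(pending, onAccepted) {
  if (typeof window === "undefined") return false;
  window.addEventListener("message", (event) => {
    const url = acceptLoginMessage(event, pending);
    if (url) onAccepted(url);
  });
  return true;
}
```

On the sending side, the page inside the iframe should pass the consuming site's exact origin as the `targetOrigin` argument of `postMessage` rather than `"*"`, so the token is not delivered to an unexpected parent.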

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow