Why aren't logins shared across domains?

Subdomains with the same primary domain

In order for users to remain logged in across subdomains it is necessary to set the cookie domain as described in Configuring settings.php. In short, to remain logged in across subdomains the $cookie_domain value in your settings.php file needs to be set to '.example.com'.

Different primary domains

It is not possible to use Domain Access to keep users logged in across different primary domains. While the module allows the creation of domains with different hosts, security standards dictate that cookies can only be read from the issuing domain. As a result, you may configure your site as follows, but when you do so, users cannot be logged through a single sign in.

• example.com
• myexample.com
• thisexample.com

This is an internet standard, not a bug. See the Drupal core INSTALL.txt for instructions regarding Drupal's default cookie handling.

If you want to share users across different primary domains it is possible to do so using one of the single sign on modules available for Drupal. A partial list and some discussion is available on Groups.Drupal. If you decide to use the Single Sign On module please note that since it requires at least two separate Drupal sites it is necessary to maintain a second site that is not part of the Domain Access installation.