Hi,<div><br></div><div>I'm trying to integrate OpenID into my webapp, but it's working a little differently than I expected. </div><div><br></div><div>1) When a new user comes to my site, I have to authenticate them - this means they need to either get redirected to their provider, or the provider needs to have a popup window capability for authentication while still at my site. The redirect is a little jarring, the popup is better, but does anyone find that some users are confused by it/think it's a phishing deal?</div>
<div><br></div><div>2) After authentication is complete, I can write my own session cookie so that if the user revisits my site, I can try to automatically log them back in to my app without re-authenticating through openid. I heard about this Facebook/Google deal where if you're logged into gmail, somehow you're already authenticated for Facebook. If this is true, how would this work? When I first started looking at OpenID, I was hoping the same could work for my webapp. Since most users are logged into gmail anyway, when they visit my site, I could see them as already authenticated with Google and skip step #1? This would be similar to an auto-login.</div>
<div><br></div><div>Thanks for any info </div>