Or you could do it with REST... which is more the rage in the rails
world these days.
Scaffold resource yourself a Login model in app 2... you'd probably want
user info and an expiration time (probably keep it less than a minute).
Then app 1 POSTs the xml to app 2 and gets back a response with the url
of the created login in the Location header.
App 1 can then redirect the user to that url and you make the
logins_controller check the expiration time and then log the user in on
the second system.
For security reasons, you may want to use a uid instead of the id in the
redirect url. Also, you'll want to be careful that only app 1 can make
that REST call to app 2.