Accessing session data from another application

Hi,

I have my main Rails site running and the user_id is stored inside the
session. How can I access that info from within another application?

How do I decypher the session?

Hi,

I have my main Rails site running and the user_id is stored inside the
session. How can I access that info from within another application?

How do I decypher the session?

What session store are you using?

Fred

Frederick Cheung wrote:

Hi,

I have my main Rails site running and the user_id is stored inside the
session. How can I access that info from within another application?

How do I decypher the session?

What session store are you using?

Fred

If you use :cookie_session_store (the default in Rails2), and use the
same application secret between the two applications,
and you set a domain specific cookie, both should be able to access the
same cookie.

config.action_controller.session = {
    :session_key => '_my_app_session',
    :secret =>
'8ab332268appf980149adb591f20bfbb219a2029c5d7ee3c55c7a7439f6aed24d8a787591522adb1b2e16bd83b648642cf0ccfbfb10528bd4f47b9551012c1d'
  }
config.action_controller.session_store = :cookie_session_store
config.action_controller.session_options[:session_domain] =
"mydomain.com"

if you have that the same in both,
and your two applications run on app1.mydomain.com and app2.mydomain.com

that should be sufficient...

let me know if I'm wrong.

Mj

http://workingwithrails.com/person/12394-matthew-rudy-jacobs

Hi thanks for your answers.

I am using cookie based session store. My second app is not a Rails app,
it a php script. So from that php script how can I use the secret key
"8ab...." to decrypt the info inside the session?

Best regards,

Hi thanks for your answers.

I am using cookie based session store. My second app is not a Rails
app,
it a php script. So from that php script how can I use the secret key
"8ab...." to decrypt the info inside the session?

It's not a decryption key (ie the session is not encrypted). Consider
a typical session:

BAh7BzoPdGV4cGVydF9pZGkE1pM2MiIKZmxhc2hJQzonQWN0aW9uQ29udHJv%0AbGx
lcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%3D
%3D--3729a7892e049aafce7e6e4db4210
84f5886e4a9

The first bit (before the --) is the session itself. The second part
is a cryptographically strong checksum of that data (using the secret
set in environment.rb)
The session data is just a Marshal.dump of the session, base64
encoded. In ruby you can load it with

Marshal
.load
(CGI
.unescape
( "BAh7BzoPdGV4cGVydF9pZGkE1pM2MiIKZmxhc2hJQzonQWN0aW9uQ29udHJv
%0AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%3D
%3D").unpack('m*').first)

The hard bit for your php app will be implementing Marshal.load (if
you're lucky, someone has already done this).

Fred

Fernando Perez wrote:

Hi thanks for your answers.

I am using cookie based session store. My second app is not a Rails app,
it a php script. So from that php script how can I use the secret key
"8ab...." to decrypt the info inside the session?

Best regards,

hmm...
maybe ignore that then.

so what is your setup,
what is your requirement?

If you can access the same database,
then you could do something like

adding a column
add_column :users, :session_key, :string

then when someone logs in

current_session_key = @current_user.set_session_key # create a random,
unique string, and save it

cookie[:my_session_key] = {:domain => "mydomain.com", :value =>
current_session_key}

then in the php app

you'll get sent the "my_session_key" cookie
and do the equivalent of
User.find_by_session_key(cookie[:my_session_key])

My users are currently logging in using restful_authentication inside
the rails app, so what I want is to retrieve the user_id from within my
php app so that I can identify who is the user who is sending me the
request.

The best solution would be to find a way to unmarshal the cookie data
from within php, but if that is too complicated to do (although the data
is only a string) then I will use Mat's solution.