Authentication cookies

rubyonrails-talk
1

I would like to know if it is possible to share Authentication cookies between 2 url's with ruby. Does anyone know how to?

thanks

2

I would like to know if it is possible to share Authentication cookies between 2 url's with ruby. Does anyone know how to?

Well for starters the contents of the authentication cookie needs to contain something the 2 apps understand (assuming it's two different apps), so for example just sticking user.id in the cookie won't be enough if user ids don't match between the 2 apps. Secondly you'll have to set the domain of the cookie appropriately. Normally if you go to foo.bar.com you'll get a cookie valid for foo.bar.com. Instead you need to set the domain of the cookie to '.bar.com' which means that anything ending in bar.com will receive your cookie

Fred

3

Well for starters the contents of the authentication cookie needs to contain something the 2 apps understand (assuming it's two different apps), so for example just sticking user.id in the cookie won't be enough if user ids don't match between the 2 apps. Secondly you'll have to set the domain of the cookie appropriately. Normally if you go to foo.bar.com you'll get a cookie valid for foo.bar.com. Instead you need to set the domain of the cookie to '.bar.com' which means that anything ending in bar.com will receive your cookie

Fred

I forgot to mention that the 2 URL's are completely different but they are using the same database. I'm not sure if this is possible two write one cookie that checks authentication for both sites. If this does not work is there any other way I can do this?

thanks

4

Well for starters the contents of the authentication cookie needs to contain something the 2 apps understand (assuming it's two different apps), so for example just sticking user.id in the cookie won't be enough if user ids don't match between the 2 apps. Secondly you'll have to set the domain of the cookie appropriately. Normally if you go to foo.bar.com you'll get a cookie valid for foo.bar.com. Instead you need to set the domain of the cookie to '.bar.com' which means that anything ending in bar.com will receive your cookie

Fred

I forgot to mention that the 2 URL's are completely different but
they are using the same database. I'm not sure if this is possible two
write one cookie that checks authentication for both sites. If this does not work is there any other way I can do this?

In that case you can't share a cookie. Have you considered OpenID ?

Fred

5

Frederick Cheung wrote:

6

Frederick Cheung wrote:

In that case you can't share a cookie. Have you considered OpenID ?

Fred

I'm not familiar with that what is it?

There's a rails plugin for it

Fred

7

Frederick Cheung wrote: