I have two rails app. Both have login pages for user authentication. The
two apps have links to one another. Now what i need is when a user logs
in to one app, he should not be again asked for login when he clicks the
link for second app.
My situation is slightly different but hopefully applicable to you. I
have two apps that require a login and have created a third Rails app
that servers as a single sign-on and user management system. The sign-
in process goes roughly like this:
1. Each user (and directly related entities) has a UUID so that
multiple DBs can be synchronised.
2. User enters credentials into SSO app, signs-in, it displays a page
with links to both apps. The links are to session creation actions on
the other apps and contain the user UUID and a hash of several user
attributes including a nonce (one time random token).
3. Using ActiveResource the remote app calls back to the SSO app to
authenticate the UUID and hash and returns the user object (as XML)
which is synchronised into the remote app's DB. The nonce stored on
the SSO users table is reset so links only work once (stops replay
The internal authentication system should be restricted by IP address
or similar to your own apps.
Hope that helps,