Session Exchange between Ruby and PHP

Question

Session Exchange between Ruby and PHP

Can I split a session between my PHP application on a subdomain and my Ruby applications on my other subdomains?

I don’t know where to get it from here. I know that I can manually set the domain to the root so that the cookie is valid for all subdomains, but how do I get / install material from / to the session so that it is shared through subdomains?

Basically I want to use this to share the login for all my subdomains.

For knowledge, if this is the wrong approach to the problem, although feasible, I would like to understand how to do it, and why I should not.

Thanks everyone!

+6

ruby php subdomain single-sign-on

Olivier tremblay Jun 22 '10 at 21:56

source share

2 answers

This can be resolved by applications using the same database, and with a little help from cookies.

Session open in php
- Create a cookie with a random string in it
- Save the row in the database with user credentials and timestamp
Rail Session
- Check if cookie exists
- Search string in cookie from database
- If a match is found, the session is accepted and the same user credentials can be used.

It would be wise to store some unique information on the workstation or in the browser in order to steal the session, while copying the cookie would not work.

+2

salchams Jun 22 '10 at 22:10

source share

David titarenco · Accepted Answer · 2010-06-22T22:07:50+0000

If you want to share sessions (via PHP / Java / Ruby / etc), you need to save the sessions (and access them) from the database.

See: http://php.net/manual/en/function.session-set-save-handler.php

And you will need the same approach in Ruby.

To share cookies by domain, you also need to change the default PHP session configuration parameter for session.cookie_domain to "" (which inserts your domain name) into: ".yourhost.com" (note the prefix period).

Session Exchange between Ruby and PHP

More articles: