Rails - Jul 2008 - Accessing session data from another application

Hi,

I have my main Rails site running and the user_id is stored inside the
session. How can I access that info from within another application?

How do I decypher the session?
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jul 7, 8:26 pm, Fernando Perez
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> Hi,
>
> I have my main Rails site running and the user_id is stored inside the
> session. How can I access that info from within another application?
>
> How do I decypher the session?
What session store are you using?

Fred
> --
> Posted viahttp://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Frederick Cheung wrote:
> On Jul 7, 8:26�pm, Fernando Perez
<rails-mailing-l...-ARtvInVfO7m5VldFQK4jKA@public.gmane.orgt>
> wrote:
>> Hi,
>>
>> I have my main Rails site running and the user_id is stored inside the
>> session. How can I access that info from within another application?
>>
>> How do I decypher the session?
> 
> What session store are you using?
> 
> Fred
If you use :cookie_session_store (the default in Rails2), and use the 
same application secret between the two applications,
and you set a domain specific cookie, both should be able to access the 
same cookie.

config.action_controller.session = {
    :session_key => ''_my_app_session'',
    :secret      => 
''8ab332268appf980149adb591f20bfbb219a2029c5d7ee3c55c7a7439f6aed24d8a787591522adb1b2e16bd83b648642cf0ccfbfb10528bd4f47b9551012c1d''
  }
config.action_controller.session_store = :cookie_session_store
config.action_controller.session_options[:session_domain] = 
"mydomain.com"

if you have that the same in both,
and your two applications run on app1.mydomain.com and app2.mydomain.com

that should be sufficient...

let me know if I''m wrong.

Mj

http://workingwithrails.com/person/12394-matthew-rudy-jacobs

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi thanks for your answers.

I am using cookie based session store. My second app is not a Rails app, 
it a php script. So from that php script how can I use the secret key 
"8ab...." to decrypt the info inside the session?


Best regards,
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 8 Jul 2008, at 09:40, Fernando Perez wrote:
>
> Hi thanks for your answers.
>
> I am using cookie based session store. My second app is not a Rails  
> app,
> it a php script. So from that php script how can I use the secret key
> "8ab...." to decrypt the info inside the session?
>
It''s not a decryption key (ie the session is not encrypted). Consider  
a typical session:

BAh7BzoPdGV4cGVydF9pZGkE1pM2MiIKZmxhc2hJQzonQWN0aW9uQ29udHJv%0AbGx
lcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%3D 
%3D--3729a7892e049aafce7e6e4db4210
84f5886e4a9

The first bit (before the --) is the session itself. The second part  
is a cryptographically strong checksum of that data (using the secret  
set in environment.rb)
The session data is just a Marshal.dump of the session, base64  
encoded. In ruby you can load it with

Marshal 
.load 
(CGI 
.unescape 
( "BAh7BzoPdGV4cGVydF9pZGkE1pM2MiIKZmxhc2hJQzonQWN0aW9uQ29udHJv 
%0AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%3D 
%3D").unpack(''m*'').first)

The hard bit for your php app will be implementing Marshal.load (if  
you''re lucky, someone has already done this).

Fred
> Best regards,
> -- 
> Posted via http://www.ruby-forum.com/.
>
> >

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Fernando Perez wrote:
> Hi thanks for your answers.
> 
> I am using cookie based session store. My second app is not a Rails app, 
> it a php script. So from that php script how can I use the secret key 
> "8ab...." to decrypt the info inside the session?
> 
> 
> Best regards,
hmm...
maybe ignore that then.

so what is your setup,
what is your requirement?

If you can access the same database,
then you could do something like

adding a column
add_column :users, :session_key, :string

then when someone logs in

current_session_key = @current_user.set_session_key # create a random, 
unique string, and save it

cookie[:my_session_key] = {:domain => "mydomain.com", :value => 
current_session_key}


then in the php app

you''ll get sent the "my_session_key" cookie
and do the equivalent of 
User.find_by_session_key(cookie[:my_session_key])

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

My users are currently logging in using restful_authentication inside 
the rails app, so what I want is to retrieve the user_id from within my 
php app so that I can identify who is the user who is sending me the 
request.

The best solution would be to find a way to unmarshal the cookie data 
from within php, but if that is too complicated to do (although the data 
is only a string) then I will use Mat''s solution.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---