Hi,

I am having a hard time here.

I will be managing different websites, let's say: www.site1.com and www.site2.com

When a user wants to login on to one of these sites, he will be redirected to: https://site1.com.mainsite.com

Once he gives successfully his credentials, I want him to get redirected to www.site1.com

I would like to use cookie session store.

The problem is that when he gets redirected, he still is an anonymous user. This is because when he logs in at site1.com.mainsite.com, the session gets set for site1.com.mainsite.com and not for www.site1.com

Do you know of a solution around that or is it impossible to solve?

I wanted to set session[:domain] but I get a request forgery error.

--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Mark Reginald James
2008-Oct-21 22:17 UTC
Re: Re-using session data over different domain names
Fernando Perez wrote:
> I will be managing different websites, let's say: www.site1.com and
> www.site2.com
>
> When a user wants to login on to one of these sites, he will be
> redirected to: https://site1.com.mainsite.com
>
> Once he gives successfully his credentials, I want him to get redirected
> to www.site1.com
>
> I would like to use cookie session store.
>
> The problem is that when he gets redirected, he still is an anonymous
> user. This is because when he logs in at site1.com.mainsite.com, the
> session gets set for site1.com.mainsite.com and not for www.site1.com
>
> Do you know of a solution around that or is it impossible to solve?
>
> I wanted to set session[:domain] but I get a request forgery error.

You could use an iframe so that the login is made in mainsite.com's cookie domain.

Or your redirect could include username and password parameters, suitably hashed and/or encrypted.

--
Rails Wheels - Find Plugins, List & Sell Plugins - http://railswheels.com
Fernando Perez
2008-Oct-21 22:18 UTC
Re: Re-using session data over different domain names
Crap, by laying back, I just figured out that what I am trying to do is a kind of XSS attack.
Fernando Perez
2008-Oct-21 22:27 UTC
Re: Re-using session data over different domain names
> Or your redirect could include username and password parameters,
> suitably hashed and/or encrypted.

I like this idea very much. Thank you for the tip.
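
Added example, not part of the original thread or any poster's code: a common way to carry a login across the redirect from site1.com.mainsite.com to www.site1.com is to put a short-lived, single-use, HMAC-signed ticket in the redirect URL instead of the credentials themselves. The shared secret, the function names and the in-memory replay set are assumptions made for illustration.

```ruby
require "openssl"
require "base64"
require "json"
require "securerandom"
require "set"

# Assumption: both apps hold this secret, provisioned out of band (constructed value).
HANDOFF_SECRET = "constructed-demo-secret"
TICKET_TTL = 30 # seconds; the ticket only has to survive one redirect

# Login host (site1.com.mainsite.com): mint a ticket after a successful login.
def issue_ticket(user_id, audience, now: Time.now.to_i, secret: HANDOFF_SECRET)
  claims = { "uid" => user_id, "aud" => audience,
             "exp" => now + TICKET_TTL, "jti" => SecureRandom.hex(16) }
  body = Base64.urlsafe_encode64(JSON.generate(claims), padding: false)
  "#{body}.#{OpenSSL::HMAC.hexdigest('SHA256', secret, body)}"
end

# Compare signatures without leaking the mismatch position through timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Target site (www.site1.com): verify the ticket, then set its own session cookie.
# seen_jtis stands in for a shared store (database, cache) that blocks replays.
def redeem_ticket(ticket, audience, seen_jtis, now: Time.now.to_i, secret: HANDOFF_SECRET)
  body, sig = ticket.to_s.split(".", 2)
  return nil if body.nil? || sig.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, body)
  return nil unless secure_equal?(sig, expected)       # forged or altered
  claims = JSON.parse(Base64.urlsafe_decode64(body))
  return nil unless claims["aud"] == audience          # minted for another site
  return nil if claims["exp"] < now                    # expired
  return nil unless seen_jtis.add?(claims["jti"])      # already redeemed
  claims["uid"]
end

if __FILE__ == $PROGRAM_NAME
  seen = Set.new
  ticket = issue_ticket(42, "www.site1.com")
  p redeem_ticket(ticket, "www.site1.com", seen) # first redemption
  p redeem_ticket(ticket, "www.site1.com", seen) # same ticket presented again
end
```

The ticket still travels in a URL, so it belongs on HTTPS only; the short lifetime and single-use check limit what a copy from a log or Referer header is worth.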