Rails - Apr 2009 - Using same user credentials across multiple connected apps

Hi,

I have a requirement in my project, where i need to create multiple apps
that need to be integrated. One of the apps would be used for authentication
that uses Authlogic. I need a single sign-on solution, so that once a user
is logged in he remains logged-in for all the other apps as well.

Now, the user_session being created in the auth app, is not accessible in
the other apps. Is there a way i can share a user_session between multiple
apps.

Here is some code i am using in the other apps: http://pastie.org/455710

If anyone has faced a similar issue, please point me to some possible
solutions.

Regards.


-- 
Sahil

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Apr 24, 8:28 am, Sahil Dave
<sahil.dav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Hi,
>
> I have a requirement in my project, where i need to create multiple apps
> that need to be integrated. One of the apps would be used for
authentication
> that uses Authlogic. I need a single sign-on solution, so that once a user
> is logged in he remains logged-in for all the other apps as well.
>
you can use something like http://code.google.com/p/rubycas-server/

Fred
> Now, the user_session being created in the auth app, is not accessible in
> the other apps. Is there a way i can share a user_session between multiple
> apps.
>
> Here is some code i am using in the other apps:http://pastie.org/455710
>
> If anyone has faced a similar issue, please point me to some possible
> solutions.
>
> Regards.
>
> --
> Sahil

On Apr 24, 12:40 pm, Frederick Cheung
<frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Apr 24, 8:28 am, Sahil Dave
<sahil.dav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi,
>
> > I have a requirement in my project, where i need to create multiple
apps
> > that need to be integrated. One of the apps would be used for
authentication
> > that uses Authlogic. I need a single sign-on solution, so that once a
user
> > is logged in he remains logged-in for all the other apps as well.
>
> you can use something likehttp://code.google.com/p/rubycas-server/
>
thanks for the link to this nice gem. but can i share the same
session_id across multiple sub-domains on the same server, without
using the above gem?

On Apr 24, 10:57 am, sahil
<sahil.dav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Apr 24, 12:40 pm, Frederick Cheung
<frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> wrote:
>
> > On Apr 24, 8:28 am, Sahil Dave
<sahil.dav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi,
>
> > > I have a requirement in my project, where i need to create
multiple apps
> > > that need to be integrated. One of the apps would be used for
authentication
> > > that uses Authlogic. I need a single sign-on solution, so that
once a user
> > > is logged in he remains logged-in for all the other apps as well.
>
> > you can use something likehttp://code.google.com/p/rubycas-server/
>
> thanks for the link to this nice gem. but can i share the same
> session_id across multiple sub-domains on the same server, without
> using the above gem?
you can. If my memory is correct, the :session_domain option allows
you to set the domain the session cookie is saved under. (this does of
course assume that contents of the session will be meaningful to all
the apps).

Fred

On Apr 27, 8:28 am, sahil
<sahil.dav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Apr 24, 3:05 pm, Frederick Cheung
<frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> wrote:
>
> > you can. If my memory is correct, the :session_domain option allows
> > you to set the domain the session cookie is saved under. (this does of
> > course assume that contents of the session will be meaningful to all
> > the apps).
>
> ok, i have the set the 2 apps to use the same session_domain, like
> this
> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update
> (:session_domain => ''.localhost.com'')
>
> i am also using the same secret key across both apps, as cookies are
> found using that key. But still this does not work! Maybe its because
> i am using authlogic and it has its own way of finding the user in the
> current_session.
Check that the cookie that contains the session is actually being set
under the right domain (and in development you''ll need to fakeup some
domains eg app1.mydomain.local, app2.mydomain.local).

Fred

On Apr 27, 12:37 pm, Frederick Cheung
<frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Check that the cookie that contains the session is actually being set
> under the right domain (and in development you''ll need to fakeup
some
> domains eg app1.mydomain.local, app2.mydomain.local).
i checked the cookies on my browser one is set under localhost.com and
other under blog.localhost.com, i have set these in /etc/hosts.
Also, :session_domain => ".localhost.com"

But there is one difference between the 2.
localhost.com has 2 cookies(one of which is named user_credentials),
while blog.localhost.com has just 1 cookie, whose name is same as the
1st cookie under localhost.com

On Apr 27, 10:03 am, sahil
<sahil.dav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Apr 27, 12:37 pm, Frederick Cheung
<frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> wrote:
>
> > Check that the cookie that contains the session is actually being set
> > under the right domain (and in development you''ll need to
fakeup some
> > domains eg app1.mydomain.local, app2.mydomain.local).
>
> i checked the cookies on my browser one is set under localhost.com and
> other under blog.localhost.com, i have set these in /etc/hosts.
> Also, :session_domain => ".localhost.com"
>
> But there is one difference between the 2.
> localhost.com has 2 cookies(one of which is named user_credentials),
> while blog.localhost.com has just 1 cookie, whose name is same as the
> 1st cookie under localhost.com
Maybe authlogic sets it own cookies. I''d delve into authlogic and see
how it decides which domain to use for its cookies.

Fred

Hi Sahil,

Were you able to figure out the solution to this problem? I''ve seen the
same behavior but have not delved into the internals of authlogic.

Ravi.

Frederick Cheung wrote:
> On Apr 27, 10:03�am, sahil
<sahil.dav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>
>> But there is one difference between the 2.
>> localhost.com has 2 cookies(one of which is named user_credentials),
>> while blog.localhost.com has just 1 cookie, whose name is same as the
>> 1st cookie under localhost.com
> 
> Maybe authlogic sets it own cookies. I''d delve into authlogic and
see
> how it decides which domain to use for its cookies.
> 
> Fred
-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Hi,
I''ve described SSO solution with authlogin in my blog 
(http://bit.ly/ajGym2). This post is in Russian, but you can use Google 
Translate or ask me :)

Sahil Dave wrote:
> Hi,
> 
> I have a requirement in my project, where i need to create multiple apps
> that need to be integrated. One of the apps would be used for 
> authentication
> that uses Authlogic. I need a single sign-on solution, so that once a 
> user
> is logged in he remains logged-in for all the other apps as well.
> 
> Now, the user_session being created in the auth app, is not accessible 
> in
> the other apps. Is there a way i can share a user_session between 
> multiple
> apps.
> 
> Here is some code i am using in the other apps: http://pastie.org/455710
> 
> If anyone has faced a similar issue, please point me to some possible
> solutions.
> 
> Regards.
> 
> 
> --
> Sahil
-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Ooh, i''ve forgot to tell that there are one problem - this solution
does
not working in Opera browser, because Opera does not support session 
sharing for subdomains :(

Alexey Poimtsev wrote:
> Hi,
> I''ve described SSO solution with authlogin in my blog 
> (http://bit.ly/ajGym2). This post is in Russian, but you can use Google 
> Translate or ask me :)
> 
-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.