Can Sessions scope cross multi-apps? single sign-on?

greg · August 25, 2006, 1:13pm

Hi,

Anyone know whether the scope of Rails Sessions can cross multiple web
applications?

Can I build my user management (registration, authentication, managing
roles, profile management) in a single rails web application and to be
shared with other web applications? (assuming they are deployed on the
same hosted server)

If yes what would be the constaints? Would the web applications have to
share the same domain name? Could sub-domains be used for each web
application, or would all the apps have to be in the same domain
specifically (c.f. use of sub-domains). That is could I have
http://app1.mydomain.com/, and http://app2.mydomain.com, and
http://usermanagement.mydomain.com?

Tks

greg · August 26, 2006, 11:05am

bump - still interested any anyone knows the answer to this one?

greg · August 26, 2006, 11:38am

Do your apps share the same database? If so, then it sounds pretty
easy.
You’d want to make sure that your cookie scope is set to use the entire
domain rather than just the host (domain.com instead of
user.domain.com),
and the cookie can be used on any app within that domain scope.

Just throwing this out. I think it could work.

greg · September 4, 2006, 2:46pm

Tks Michael - would this be a manual activity I’d have to do (i.e. this
wouldn’t work by default?). I could use the rails cookie mechanisms
then I
guess?

greg · September 5, 2006, 5:51pm

From what I can recall, the cookie is set to a host specifc scope
instead of
the entire domain. So yeah, you’d have to alter it.