Session shared amongst different domains (not just sub-domains)


Jordan Elver

Nov 29, 2010, 9:31:04 AM
to Authlogic
Hi,
I have an application where the customer is given a
subdomain.domain.com address. They login at this address and
everything works great. The customer also has the ability to map a
custom domain to their account which points to our IP. What I need to
be able to do is login at either their subdomain or custom domain and
share the session across the two. Is this possible?

Many thanks,
Jordan

Nandan Pramanik

Nov 29, 2010, 1:23:04 PM
to auth...@googlegroups.com
Hi,

Basically your server setting you can set wild character. That is your a single application that running on (domain.com). Before it will be passed.
You can restrict user on a particular user by your application. And that way if you implement your application you can share the session across the two.

Nandan




Jordan Elver

Nov 29, 2010, 2:35:34 PM
to Authlogic
Hi,
Thanks for the reply.

> Basically your server setting you can set wild character. That is your a
> single application that running on (domain.com). Before it will be passed.
> You can restrict user on a particular user by your application. And that
> way if you implement your application you can share the session across the
> two.

If you mean a wildcard DNS entry, that won't work for this because the
custom domain and the subdomain are both different. For example,
subdomain.maindomain.com and www.customdomain.com.

Is that what you mean?

I know you can set the cookie to be the *.maindomain.com so that it
would work for all subdomains, but that isn't an option in this case.

Cheers,
Jordan

Larry Reaves

Nov 30, 2010, 12:17:26 PM
to auth...@googlegroups.com
I'm solving this with an Authlogic daemon. Basically, I'm sharing an
object over DRb[1] that is passed a Rack env variable (which has had
the :session and :cookie objects extended with DRbUndumped to keep
them on the calling client), and returns a DRbUndumped session. Then,
any client can access the daemon over a unix socket. You can also do
an IP port if you need to use it over a network. Getting the right
things extended so they aren't dumped is the only tricky part. If you
decide to go this route and run into any trouble let me know and I'll
help you sort through it.

-Larry.

1. http://segment7.net/projects/ruby/drb/introduction.html

Jordan Elver

Dec 1, 2010, 2:55:41 PM
to Authlogic
> I'm solving this with an Authlogic daemon.  Basically, I'm sharing an
> object over DRb[1] that is passed a Rack env variable (which has had
> the :session and :cookie objects extended with DRbUndumped to keep
> them on the calling client), and returns a DRbUndumped session.  Then,
> any client can access the daemon over a unix socket.  You can also do
> an IP port if you need to use it over a network.  Getting the right
> things extended so they aren't dumped is the only tricky part.  If you
> decide to go this route and run into any trouble let me know and I'll
> help you sort through it.

Thanks for the reply, Larry, but I don't quite understand how this would
work. So, you share the session data using DRb and access it via a
separate daemon process from two different domains? How would the
cookie situation work? As I understand it, I can't set a cookie from
one domain and have it read from another unless it shares the same
domain, i.e. two subdomains can share cookies, but not two unrelated
domains.

Could you clarify if you wouldn't mind :)

Cheers,
Jordan

Larry Reaves

Dec 1, 2010, 5:10:45 PM
to auth...@googlegroups.com

There is one process that interacts with the db/authlogic, and
provides an object via DRb that has current_user and current_session
methods. These methods take a Rack env variable.
When a request comes in to an application, the application marks the
env[:cookies] and env[:session] objects to not be copied (ex:
env[:cookies].extend(DRb::DRbUndumped)), then calls
current_session(env) over DRb.
Back in the authlogic daemon, the env is wrapped to act like a
"controller" that authlogic lets you set via
Authlogic::Session::Base.controller = your_controller_object
When authlogic saves the session into the session, or into the
cookies, because those are DRbUndumped, the parameters get sent back
to the application. So, the cookies won't be shared, but both cookies
will have the same persistence_token.

I hope that helps.

> Could you clarify if you wouldn't mind :)
>
> Cheers,
> Jordan
>

Larry Reaves

Dec 1, 2010, 5:18:37 PM
to auth...@googlegroups.com
Sorry... I just looked at my code and it's env['rack.session'] and
env['rack.cookies'], not env[:session] and env[:cookies]
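
The daemon arrangement described in this thread, as an added Ruby example that is not part of the original posts and is not Larry's code: `AuthDaemon`, its user table and `shared_login_demo` are hypothetical stand-ins for the Authlogic-backed process, and the two host names are constructed. It forks a daemon that writes the same persistence token into two separate `DRbUndumped` cookie jars, listening on an owner-only Unix socket because DRb does not authenticate callers.

```ruby
require 'drb/drb'
require 'drb/unix'
require 'securerandom'
require 'tmpdir'
require 'fileutils'

# Toy stand-in for the Authlogic-backed daemon (hypothetical class, constructed data).
class AuthDaemon
  def initialize
    @users  = { 'jordan' => 'constructed-password' }
    @tokens = {} # login => persistence token, one per user
  end

  # The jar is DRbUndumped, so these reads and writes execute in the calling app.
  def login(env, login, password)
    return false unless @users[login] == password
    env['rack.cookies']['user_credentials'] = (@tokens[login] ||= SecureRandom.hex(32))
    true
  end

  def current_user(env)
    @tokens.key(env['rack.cookies']['user_credentials'])
  end
end

# Forks the daemon, then plays two apps on unrelated hosts, each with its own jar.
def shared_login_demo(hosts = %w[sub.maindomain.example www.customdomain.example])
  dir = Dir.mktmpdir('authd')
  ready, signal = IO.pipe
  pid = fork do # daemon: owner-only unix socket, DRb does not authenticate callers
    DRb.start_service("drbunix:#{dir}/authd.sock", AuthDaemon.new, UNIXFileMode: 0o600)
    signal.puts('up')
    DRb.thread.join
  end
  ready.gets                                   # wait until the daemon listens
  DRb.start_service("drbunix:#{dir}/app.sock") # lets the daemon call back into the jars
  daemon = DRbObject.new_with_uri("drbunix:#{dir}/authd.sock")
  hosts.to_h do |host|
    jar = {}.extend(DRb::DRbUndumped)          # stays in this process, never copied
    env = { 'rack.cookies' => jar }
    ok = daemon.login(env, 'jordan', 'constructed-password')
    [host, { ok: ok, cookie: jar['user_credentials'], user: daemon.current_user(env) }]
  end
ensure
  Process.kill('KILL', pid) && Process.wait(pid) if pid
  DRb.stop_service
  FileUtils.rm_rf(dir) if dir
end

p shared_login_demo if $PROGRAM_NAME == __FILE__
```

Requires a platform with `fork` and Unix domain sockets.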