
Sharing authentication between forum and main CMS in Rails

开发者 https://www.devze.com 2023-01-02 16:45 Source: Internet

I have a Rails forum product that resides under the subdomains of my customers (i.e. http://forum.customer.com). Their main site has a CMS and an authentication system, and my forum product has a separate authentication system. Is there an elegant way to have "cross-signins" across these systems? I want someone already logged into the main CMS to seamlessly (as possible) transition into my product.


It all depends on how the main site keeps track of the user's session.

This is usually done using a cookie; I'm just going to assume it is. The browser stores this cookie with the domain it came from, and will attach it again with any new request going to that domain or a subdomain of it.

You will want to check that the cookie is attached to the customer.com domain, and not for example www.customer.com. This is because forum.customer.com is a subdomain of the former, but not the latter. You won't see the cookie at all in your forum software in the latter case. The CMS software has some control over which exact domain the cookie is attached to.

Most browsers have an option to show you which cookies are stored for a particular site. Firefox, for example, has a “Page info” option in the right click menu. In Chrome, you can hit Ctrl+Shift+I to get to the developer tools, and look under the “Storage” tab.

The cookie likely contains one of the following:

  • Actual data, such as the username.
  • A session ID that the CMS can look up in its database, and thus retrieve the username.

In either case, it is also likely a salted hash is included, which prevents the user from tampering with the cookie's data.

You can access the cookie in Rails by name, using simply cookies[:something] from within your controller. This is documented in ActionController::Cookies (which is mixed into ActionController::Base).

Once you have the cookie's data, you'll have to imitate whatever your CMS does. You'll probably have to (in order):

  • Verify the cookie's integrity, by (re-)applying a hash function to the cookie data, and comparing that to the hash included with the cookie.
  • Connect to the CMS database.
  • Possibly query for the session ID.
  • Query for the user's profile.
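
The steps listed above, as an added example (not part of the original answer and not any CMS's actual code). It assumes a cookie of the form "<session_id>--<hex digest>", uses HMAC-SHA256 with a shared secret as the keyed hash, and replaces the CMS database with constructed in-memory tables; the cookie name and all sample values are hypothetical, and the forum must match whatever scheme the CMS really uses.

```ruby
require "openssl"

# Assumptions (not from the original answer): the CMS cookie value is
# "<session_id>--<hex HMAC-SHA256 of session_id>", keyed with a secret
# shared between the CMS and the forum.
CMS_SECRET = "constructed-shared-secret" # constructed sample value

# Constructed stand-ins for the CMS session and user tables.
CMS_SESSIONS = { "sess-42" => 7 }.freeze
CMS_USERS    = { 7 => { username: "alice" } }.freeze

# Recompute the digest the CMS would have attached to this data.
def sign(data, secret = CMS_SECRET)
  OpenSSL::HMAC.hexdigest("SHA256", secret, data)
end

# Constant-time comparison, so response timing does not reveal how many
# leading characters of a forged digest were correct.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the CMS user's profile, or nil if the cookie is missing,
# malformed, tampered with, or refers to an unknown session.
def cms_user_from_cookie(raw)
  return nil unless raw.is_a?(String)
  # Split on the last "--" so a session ID containing "--" stays intact.
  session_id, _sep, digest = raw.rpartition("--")
  return nil if session_id.empty? || digest.empty?
  # Verify integrity before the value is used in any lookup.
  return nil unless secure_compare(sign(session_id), digest)
  user_id = CMS_SESSIONS[session_id]   # session lookup
  user_id && CMS_USERS[user_id]        # profile lookup
end

# In a Rails controller this would be called as
#   cms_user_from_cookie(cookies[:cms_session])  # hypothetical cookie name
```

The signature check runs before any lookup, so a cookie whose session ID was edited by the user never reaches the session or user tables.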