Is anyone aware of any gems, tutorials, or solutions enabling a user to sign in to a website at one domain and automatically be given access to other partner domains in the same session?

I have two Rails apps running; let's call them App-A and App-B. App-A has a database associated with it, powering the registration and login at App-A.com. I'd now like to give all of those users with App-A.com accounts access to App-B.com, without making them re-register or manually log in to App-B.com separately.

Thanks in advance for any help! --Mark

+1  A: 

You can set the same session_key in both apps. In appA's environment.rb, change the session_key like this:

Rails::Initializer.run do |config|
  # ... (other settings)
  # Cookie name and signing secret for the session; both apps must use the same values.
  config.action_controller.session = {
    :session_key => '_portal_session',
    :secret      => '72bf006c18d459acf51836d2aea01e0afd0388f860fe4b07a9a57dedd25c631749ba9b65083a85af38bd539cc810e81f559e76d6426c5e77b6064f42e14f7415'
  }
  # ... (other settings)
end

Do the same in AppB. (Remember to use the very same secret.)

Now you have shared sessions. Let's say you use restful_authentication, which sets a session variable called user_id. When you authenticate in appA, it sets the user_id in the session. Now, in appB, you just have to verify if user_id exists in the session.

This is the overall schema; you can elaborate more using this idea.

Ricardo Acras
From what I can tell this would only work if both apps are on the same domain?
dasil003
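Why the answer above insists on the very same secret, as an added example that is not part of the answer and is not Rails' own code: a simplified model of a session cookie signed with an HMAC keyed by the app secret. The class `SignedSession`, the helper `accepted?`, the cookie layout, the JSON serializer and both secrets are assumptions made for the illustration, and browser cookie scoping (the same-domain point in the comment) is not modelled.

```ruby
require "openssl"
require "json"

# Simplified model of a signed session cookie: "<base64 payload>--<HMAC-SHA1 hex>".
# Assumptions: this layout and the JSON serializer are illustrative, not Rails code.
class SignedSession
  class InvalidSignature < StandardError; end

  def initialize(secret)
    @secret = secret
  end

  # Serialize the session hash and append a MAC keyed with the app's secret.
  def dump(session)
    data = [JSON.generate(session)].pack("m0")
    "#{data}--#{digest(data)}"
  end

  # Check the MAC first; the payload is parsed only after it verifies.
  def load(cookie)
    data, mac = cookie.to_s.split("--", 2)
    raise InvalidSignature, "malformed cookie" if data.nil? || mac.nil?
    raise InvalidSignature, "bad MAC" unless secure_compare(mac, digest(data))
    JSON.parse(data.unpack1("m0"))
  end

  private
  def digest(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), @secret, data)
  end

  # Constant-time comparison, so timing does not reveal how many bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# True when `store` accepts the cookie, false when the signature check fails.
def accepted?(store, cookie)
  store.load(cookie)
  true
rescue SignedSession::InvalidSignature
  false
end

# Constructed secrets for the demo; not the value from the answer.
SHARED_SECRET = "constructed-demo-secret-set-in-both-apps"
OTHER_SECRET  = "constructed-demo-secret-of-an-unrelated-app"
```

A cookie produced by one `SignedSession.new(SHARED_SECRET)` loads in another built from the same secret, while a store keyed with `OTHER_SECRET` rejects it. The reverse also holds: whoever holds the shared secret can mint a session both apps will trust, so it has to be protected as a credential of both.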
+1  A: 

If you want to create a single sign-on solution for your applications, then I recommend taking a look at the RubyCAS solution. It could also be used to provide single sign-on for other non-Rails applications, and you can integrate authentication with LDAP or other authentication providers.

Raimonds Simanovskis