views:

101

answers:

2

Hi,

I have a simple Ruby on rails application that I want to integrate with an existing php website. I only want that users who's been authenticated by the php application would have access to my Ruby on Rails application (it should appear to the user as the same website, in the same domain, though it can be a different sub-domain if I chose to) What's the best way to do that?

Thanks for the help,

Li

+2  A: 

The easiest way is to make use of cookies. In the PHP application, this cookie gets set, and the RoR application can read it's value.

But with cookies you'll have to watch out for security, because the contents of the cookie can be set manually, and cookies can also be copied, which allows for stealing another persons cookie.

Another option could be a session which is stored in a database both applications can make use of. The advantage of this option is that the contents of the session is stored on the server, and it can't be altered. The only thing you would have to handle is to identify the user belonging to the cookie.

Ikke
+2  A: 

The most common way to keep a user logged in is to store something like current_user_id:777 in the user's session. Therefore, the easyest way is to share the session between the Rails app and the PHP app. Then, you must use the same convention to store the identity of a logged in user.

A way to do this is to use memcached as the session support.

Problems with this approach: you could set/read the same session variable in the same time from both apps (but it can be avoided).

References:

Storing your php sessions using memcached

Usind memcache as rails session store

Vlad Zloteanu