views: 71
answers: 2

Is it possible to share a session between my PHP app on a subdomain and my Ruby apps on my other subdomains?

I don't really know where to take it from here. I know I can manually set the domain to the root one so that the cookie is valid for all the subdomains, but how would I get/set stuff from/to the session so that it's shared across the subdomains?

I mainly want to use this to share login across all my subdomains.

For the sake of knowledge, if it is the wrong approach to the problem, albeit a doable one, I'd like to understand both how to do it and why I should not.

Thank you all!

+2  A: 

If you want to share sessions in that manner (across PHP/Java/Ruby/etc), you need to save sessions (and access them) from a database.

See: http://php.net/manual/en/function.session-set-save-handler.php

And you would need an identical approach in Ruby.

To share cookies across domains, you also need to change the PHP session configuration option for session.cookie_domain from the default of "" (which inserts your domain name) to: ".yourhost.com" (note the prefixed period).

David Titarenco
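The "identical approach in Ruby" this answer asks for means the Ruby side has to read what PHP wrote. Once PHP's session_set_save_handler() stores rows in the shared database, the session data column holds PHP's own session serialization (the default `php` serialize handler: `name|value` pairs, with values in serialize() syntax). The following is an added example, not code from the question, the answer or any project, of a small decoder for that format on the Ruby side. It uses only the standard library, handles scalars and arrays, and rejects anything else; the session record it is run on is constructed for illustration, and `decode_php_session` is a name chosen here.

```ruby
require 'strscan'

# Added example: decode a PHP session record (the format written by PHP's
# default `php` serialize handler) on the Ruby side, so a Rails app can read
# the row that PHP's session_set_save_handler() stored in the shared database.
# Only parsing is done here; nothing from the session is evaluated.
def decode_php_session(data)
  ss = StringScanner.new(data.to_s.b)   # PHP string lengths are byte counts
  session = {}
  until ss.eos?
    name = expect(ss, /([^|]+)\|/)      # `name|` introduces each session variable
    session[name] = php_unserialize_value(ss)
  end
  session
end

# Scans `re` at the current position or fails loudly; returns the first capture.
def expect(ss, re)
  raise ArgumentError, "malformed PHP session data at byte #{ss.pos}" unless ss.scan(re)
  ss[1]
end

# Decodes one serialize() value and advances the scanner past it.
def php_unserialize_value(ss)
  case ss.getch
  when 'N' then expect(ss, /(;)/); nil
  when 'b' then expect(ss, /:([01]);/) == '1'
  when 'i' then expect(ss, /:(-?\d+);/).to_i
  when 'd' then expect(ss, /:([^;]+);/).to_f
  when 's'
    len = expect(ss, /:(\d+):"/).to_i
    raise ArgumentError, 'string length runs past end of data' if ss.rest_size < len + 2
    str = ss.peek(len)                   # byte-exact, so multibyte names survive
    ss.pos += len
    expect(ss, /(";)/)
    str.force_encoding('UTF-8')
  when 'a'
    count = expect(ss, /:(\d+):\{/).to_i
    hash = {}
    count.times do
      key = php_unserialize_value(ss)    # array keys are i: or s: values
      hash[key] = php_unserialize_value(ss)
    end
    expect(ss, /(\})/)
    hash
  else
    # Objects (O:) and other types are deliberately rejected: a shared login
    # record only needs scalars and arrays.
    raise ArgumentError, "unsupported PHP type at byte #{ss.pos}"
  end
end

# Constructed sample row, as PHP would store it for a logged-in user.
SAMPLE_PHP_SESSION = 'user_id|i:42;username|s:5:"alice";roles|a:2:{i:0;s:5:"admin";i:1;s:6:"editor";}logged_in|b:1;'
```

On the Ruby side the lookup key is the value of PHP's session cookie (PHPSESSID by default, whatever `session.name` is set to); treat it as an opaque string and query the shared table with a parameterized equality match rather than interpolating it into SQL. Because the decoder raises on anything it does not understand, a truncated or tampered row results in "not logged in" rather than a half-read session.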
+2  A: 

This could be solved with apps sharing the same database and with a little help of cookies.

  • Session opened in php
    • Create a cookie with random string in it
    • Save the string in database with user credentials and timestamp
  • Session forwarded to rails
    • Check if the cookie exists
    • Search for the string from the cookie in the database
    • If match is found, then session is accepted and the same user credentials could be used

It would be wise to store some kind of unique information about the workstation or the browser, so that stealing the session by copying the cookie won't work.

salchams
What kind of unique info should I store? And what kind of random string should I generate? If I hashed together some information about the host, would it be "safe enough"? Like, an MD5 hash containing the remote host and remote address? With that I could "match" the info on the server side... Help? :P
MrZombie
You got it right. Unique information could be MD5 hash (even better if it is SHA) of remote host ip + user agent row from http header + a salt.
salchams
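The scheme in this answer and its comments (random string in a cookie, looked up in a shared table, bound to a fingerprint of the client) is easy to get subtly wrong: a guessable "random string", a token stored in clear in the database, a fingerprint compared with a timing-sensitive `==`, or no expiry. The block below is an added example, not code from the answer or the commenters, of one defensible way to implement it on the Ruby side, using only the standard library. It swaps the commenters' unsalted MD5/SHA of IP + User-Agent for an HMAC keyed with a server-side secret, stores only a hash of the token, and checks age and fingerprint in constant time. `SHARED_SESSIONS` is a constructed in-memory stand-in for the shared database table, `SERVER_SECRET` and `TOKEN_TTL` are assumed settings, and all function names are chosen here.

```ruby
require 'securerandom'
require 'openssl'
require 'digest'
require 'time'

# Assumed deployment settings (constructed for this example).
SERVER_SECRET = 'constructed-example-secret-replace-in-deployment'
TOKEN_TTL     = 3600 # seconds a shared login stays valid

# Constructed stand-in for the table both apps read and write:
#   token_hash => { user_id:, fingerprint:, created_at: }
SHARED_SESSIONS = {}

# Binds a session to the client as the comments suggest (IP + User-Agent),
# but keyed with a server secret so an attacker who knows both values still
# cannot compute the stored fingerprint.
def client_fingerprint(ip, user_agent)
  OpenSSL::HMAC.hexdigest('SHA256', SERVER_SECRET, "#{ip}\n#{user_agent}")
end

# Only a digest of the token is stored, so a leaked table does not yield
# usable cookies.
def token_key(token)
  Digest::SHA256.hexdigest(token)
end

# Constant-time comparison of two equal-length strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# "Session opened in php" step: returns the value to put in the cookie.
def open_shared_session(user_id, ip, user_agent, now: Time.now)
  token = SecureRandom.hex(32) # 256 bits from the OS CSPRNG, never a hash of client data
  SHARED_SESSIONS[token_key(token)] = {
    user_id: user_id,
    fingerprint: client_fingerprint(ip, user_agent),
    created_at: now
  }
  token
end

# "Session forwarded to rails" step: returns the user id or nil.
def accept_shared_session(token, ip, user_agent, now: Time.now)
  return nil unless token.is_a?(String) && token.match?(/\A\h{64}\z/) # reject junk before touching the DB
  row = SHARED_SESSIONS[token_key(token)]
  return nil if row.nil?
  return nil if now - row[:created_at] > TOKEN_TTL                  # expired
  return nil unless secure_equal?(row[:fingerprint], client_fingerprint(ip, user_agent))
  row[:user_id]
end

# Logout from either app should revoke the shared row, not just drop the cookie.
def close_shared_session(token)
  return false unless token.is_a?(String)
  !SHARED_SESSIONS.delete(token_key(token)).nil?
end
```

The cookie carrying the token should be set with the `Domain` the first answer describes (the parent domain with a leading period), plus `Secure` and `HttpOnly`, since every subdomain can now read it. Binding to the client IP does what the commenters intend, but it also logs out users whose address changes (mobile networks, proxies), so treat the fingerprint as defense in depth rather than the thing that makes the token safe; the unguessable token, the short TTL and server-side revocation carry the real weight.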