Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

cross domain cookies Rails 3

Tags:

ruby-on-rails

ruby-on-rails-3

cross-domain

cookies

I wonder is it possible to get cookies under another domain rather than my current app domain name?

I am building an application which access to another website's api. If the user has already logged in from the other site, my browser will create a cookies under that domain name. For example, user logged in under www.example.com, my browser will store a cookies: cookies['token'] under www.example.com domain. When user visit my website, www.mywebsite.com, how can I get the cookies under www.example.com in my rails server?

Any help is highly appreciate.

like image 556
Someth Victory Avatar asked Jun 11 '12 06:06

Someth Victory

2 Answers

This can be done, but it requires the client, your website, and your other website to all work together. You have a client that knows how to authenticate to site A. It wishes to view site B as the user it knows how to authenticate against site A with. The basic way to accomplish this is to have the client contact site A, authenticate itself, acquire a token from site A that site B can trust, and then hand that token to site B.

Effectively, you want to build a very specific case of OpenID or OAuth. This is certainly possible, but you're going to need to make some changes to www.example.com in order for it to play along. If you're able to do this, great.

Start by reading everything about OAuth. You don't need to use that exactly (although you could), but it will help explain what you need to do: http://hueniverse.com/oauth/

like image 165
Brandon Yarbrough Avatar answered Sep 22 '22 14:09

Brandon Yarbrough

You can share cookies across different subdomains of a domain but you CANNOT share cookies across multiple domain names.

Cookies are stored by the BROWSER and the browser will not allow you to access or store cookies from external domain names. It would be a huge security flaw if browsers did allow you to do this.

You can, however, share session data that is stored on your server between domain names. This may not be completely trivial, but since session information is stored on the SERVER, you can access the information on the server between apps if needed. If your session data is stored in a database, then all that is required is to give database access to both domains. If need be, you could actually open your database to an external domain name and have the external domain directly connect to the database on your server.

like image 43
Michael Frederick Avatar answered Sep 22 '22 14:09

Michael Frederick
Sign in to Comment

Related questions

Switching between different version of rails in same gem set
HTTP requests in transactions?
How to edit a gem at Heroku
How does Bundler utilize Gemfile.lock to load gems?
Devise is sending e-mails with blank bodies when I override it's mailer
Rails test with triggers
Rails respond_with & Rspec controllers: Testing unsuccessful update
keys must be strings or symbols
How do i include Rails join table field in the form?
Authenticity_token in Rails + Android
capistrano: sudo error after after it had been working fine before
Marshal or Serialize an ActiveRecord object
How to manually create users with Devise
Large number of WebSocket connections
Carrierwave upload works in rails console but not in spec
How to stub gmaps4rails geocode functions in rspec tests?
Multi-threading ruby workers on heroku
Database timeout when running RSpec/Capybara with javascript driver
How many dyno hours have been used so far?
Error Installing rails on Ubuntu 10.04

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!