Sharing a session between Ruby and PHP

Question

Is it possible to share a session between my PHP app on a subdomain and my Ruby apps on my other subdomains?

I don't really know where to take it from here. I know I can manually set the domain to the root one so that the cookie is valid for all the subdomains, but how would I get/set stuff from/to the session so that it's shared across the subdomains?

I mainly want to use this to share login for my whole subdomains.

For the sake of knowledge, if it is the wrong approach to the problem, albeit a doable one, I'd like to understand both how to do it, and why should I not.

Thank you all!

Answer 1

If you want to share sessions in that manner (accross PHP/Java/Ruby/etc), you need to save sessions (and access them) from a Database.

See: http://php.net/manual/en/function.session-set-save-handler.php

And you would need an identical approach in Ruby.

To share cookies across domains, you also need to change the PHP session configuration option for session.cookie_domain from the default of "" (which inserts your domain name) to: ".yourhost.com" (note the prefixed period).

Answer 2

This could be solved with apps sharing the same database and with a little help of cookies.

• Session opened in php
  • Create a cookie with random string in it
  • Save the string in database with user credentials and timestamp
• Session forwarded to rails
  • Check if the cookie exists
  • Search the string in cookie form the database
  • If match is found, then session is accepted and the same user credentials could be used

It would be wise to store some kind of unique information of the workstation or the browser, so that stealing the session, with copying the cookie wont work.