Okay, I think I may be seeing sense. Rather than worry about rails internals, and seeing that it is only logon information (a user id) that I need to share, I've decided to roll my own solution. Bearing in mind that the apps I'm talking about are all internal, this is what I'm going to do: Create a plugin that relies on a ModLink model with app names & urls, and a User model that has an id and a mod_link_hash field. Then, when one app wishes to jump to another, the url will be for a controller specified in the plugin (called ModLinks, I guess), and an action called jump or something. That action will call the url of the other application, with the ModLink controller's land (or whatever) action specified. The reason this should work is that the jump method will create a random hash that it will store in the logged-in user's mod_link_hash field, that it will pass with the url of the request to land in the other app, along with the user id. The land app will get the user id, find that user, compare the passed-in hash to the user's mod_link_hash field, and if they match, will register that user as logged in to that app. In this way, I can insulate myself from changes to rails as it becomes the 3.0 merb dream. I'm no security expert, but beleive that should be ok for apps running inside a trusted environment, no? Cheers for all input. Doug.
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "NWRUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nwrug-members?hl=en -~----------~----~----~----~------~----~------~--~---
