Fernando Perez wrote: > I will be managing different websites, let's say: www.site1.com and > www.site2.com > > When a user wants to login on to one of these sites, he will be > redirected to: https://site1.com.mainsite.com > > Once he gives successfully his credentials, I want him to get redirected > to www.site1.com > > I would like to use cookie session store. > > The problem is that when he gets redirected, he still is an anonymous > user. This is because when he logs in at site1.com.mainsite.com, the > session gets set for site1.com.mainsite.com and not for www.site1.com > > Do you know of a solution around that or is it impossible to solve? > > I wanted to set session[:domain] but I get a request forgery error.
You could use an iframe so that the login is made in mainsite.com's cookie domain. Or your redirect could include username and password parameters, suitably hashed and/or encrypted. -- Rails Wheels - Find Plugins, List & Sell Plugins - http://railswheels.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
