On 24 Nov 2010, at 16:29, Peter De Berdt wrote:
- User enters login data, your app verifies the credentials and writes an expiring token (a few seconds should be enough) to the user table for the user logging in and then redirects to http://external.domain.com/login?token=af8117c03b3f01b20b9360f2fb5fee57 - Your external domain will be able to verify which user it's about and build the session on the external domain. It's very important here that the token you use expires fairly quickly so sessions can't be hijacked.
Or you can even delete the token when your external domain verifies the user token.
This is all assuming all domains use the same app and thus database of course.
Best regards Peter De Berdt -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
