Peter De Berdt wrote in post #963598: > Or you can even delete the token when your external domain verifies > the user token. > > This is all assuming all domains use the same app and thus database of > course.
Hi Peter, the last solutions seems the best one imho... i'll look better into it Unfortunately i'm from the old school where every login page should be on a ssl page.... and with firesheep around it would be better on every page, but that would be very complicated in this case. In the current app i'll think if it's so important to have the ssl or if i can get the auth using other methods (ie. fb connect/openid/etc), but for another big app there will be problems as it will need it and it would be better full ssl protected, but i don't think it would be fully possible... :( Thanks for your hints! -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
