Cookies - I may be crazy with ruby/rails_问答_开发者

Cookies - I may be crazy with ruby/rails

开发者 https://www.devze.com 2023-04-06 01:38 出处：网络

Is it possible to login with 开发者_JAVA百科net/http or curl, save the cookie response then write that cookie to the users browser so I can \"push login\" (in a sense)?

Is it possible to login with 开发者_JAVA百科net/http or curl, save the cookie response then write that cookie to the users browser so I can "push login" (in a sense)?

Is there another way of doing this, is this even possible, or am I simply crazy?

I'm aware of how I can login with net/http save the cookie and do things serverside.

I just don't want to spend the time saving the cookie to the database and then writing it to a browser and when successful redirect the browser if this isn't possible because of security restrictions.

You can only write cookies for the current domain - so if you're wishing to effectively connect to domainb.com from domaina.com over net/http, read the cookie returned from domainb.com and preset that for the user before redirecting them to domainb.com, then that won't work.

However, if you simply want to read the returned cookies from domainb.com and effectively duplicate them on domaina.com then there is no reason you can't do that. Something like:

# perform your request...
# once the response has been returned, loop through each cookie
response.get_fields('set-cookie').each do |cookie|
  # set your local cookie here
end

If you want to implement automatic login between 2 domains, the best way I've found to do it is:

1) domaina.com says "hey I've got user ABC here, can I have an auth token for them?" to domainb.com's API. 2) domainb.com's API creates a token for that user, limiting expiry to say 1 minute, then sends that as a response to domaina.com 3) domaina.com redirects the user to domainb.com with the authentication token passed as a parameter 4) domainb.com receives the user's request (from the redirect), looks up the token in the DB, then automatically logs the user in, if it's found

Of course that does require that you control the systems of both domains... if you don't the likelihood is that oauth will be your best mechanism of cross-site authentication.

This sounds like a good fit for authentication_token based login, where as long as the link is correct (e.g. http://www.example.com/posts/new?auth_token=1asdfj2828728we924834), the user is auto-logged in. Check out Devise: http://www.hyperionreactor.net/blog/token-based-authentication-rails-3-and-rails-2