Forum: Ruby on Rails How can I read a cookie set on another subdomain by a non-Rails app?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Andy (Guest)
on 2009-05-22 18:25
(Received via mailing list)
I'm trying to build some single sign on functionality into our web
application.

There's community site on a subdomain:  i.e.  community.domain.com

The Rails app is on:  www.domain.com

When I inspect the cookies, I don't see any of the
"community.domain.com" cookies.

In "production.rb", I have this:
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update
(:session_domain => '.domain.com')

That doesn't seem to help.

How can I get my "www" app to read from the "community" subdomain?

Thanks,
Andy
Frederick C. (Guest)
on 2009-05-22 18:37
(Received via mailing list)
On May 22, 3:24 pm, Andy <removed_email_address@domain.invalid> wrote:

> In "production.rb", I have this:
> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update
> (:session_domain => '.domain.com')
>
> That doesn't seem to help.
>
> How can I get my "www" app to read from the "community" subdomain?
>
what is the app setting the cookies doing ? if it's setting them for
community.domain.com rather than .domain.com then you can't get them
because the browser won't be sending them

Fred
Andy (Guest)
on 2009-05-22 19:02
(Received via mailing list)
I have no control over what the "community.domain.com" server does.
It's a hosted application.

So you're saying that the browser won't be sending cookies from
"community.domain.com" for use on other subdomains?

Thanks,
Andy



On May 22, 10:37 am, Frederick C. <removed_email_address@domain.invalid>
Frederick C. (Guest)
on 2009-05-22 19:40
(Received via mailing list)
On May 22, 4:01 pm, Andy <removed_email_address@domain.invalid> wrote:
> I have no control over what the "community.domain.com" server does.
> It's a hosted application.
>
> So you're saying that the browser won't be sending cookies from
> "community.domain.com" for use on other subdomains?
>
correct (see http://tools.ietf.org/html/rfc2965 ) (unless the
subdomain was something.community.domain.com)

Fred
This topic is locked and can not be replied to.