Accessing session data from another application

Hi,

I have my main Rails site running and the user_id is stored inside the
session. How can I access that info from within another application?

How do I decipher the session?

On Jul 7, 8:26 pm, Fernando P. wrote:

Hi,

I have my main Rails site running and the user_id is stored inside the
session. How can I access that info from within another application?

How do I decipher the session?

What session store are you using?

Fred

Frederick C. wrote:

On Jul 7, 8:26 pm, Fernando P. wrote:

Hi,

I have my main Rails site running and the user_id is stored inside the
session. How can I access that info from within another application?

How do I decipher the session?

What session store are you using?

Fred

If you use :cookie_session_store (the default in Rails2), and use the
same application secret between the two applications,
and you set a domain specific cookie, both should be able to access the
same cookie.

config.action_controller.session = {
  :session_key    => '_my_app_session',
  :secret         => '8ab332268appf980149adb591f20bfbb219a2029c5d7ee3c55c7a7439f6aed24d8a787591522adb1b2e16bd83b648642cf0ccfbfb10528bd4f47b9551012c1d',
  # cookie domain shared by both applications
  :session_domain => 'mydomain.com'
}
# the cookie-based store is selected with the symbol :cookie_store
config.action_controller.session_store = :cookie_store

if you have that the same in both,
and your two applications run on app1.mydomain.com and app2.mydomain.com

that should be sufficient…

let me know if I’m wrong.

Mj

http://workingwithrails.com/person/12394-matthew-rudy-jacobs

On 8 Jul 2008, at 09:40, Fernando P. wrote:

Hi thanks for your answers.

I am using cookie based session store. My second app is not a Rails app,
it's a PHP script. So from that PHP script how can I use the secret key
“8ab…” to decrypt the info inside the session?

It’s not a decryption key (ie the session is not encrypted). Consider
a typical session:

BAh7BzoPdGV4cGVydF9pZGkE1pM2MiIKZmxhc2hJQzonQWN0aW9uQ29udHJv%0AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%3D%3D--3729a7892e049aafce7e6e4db421084f5886e4a9

The first bit (before the --) is the session itself. The second part
is a cryptographically strong checksum of that data (using the secret
set in environment.rb)
The session data is just a Marshal.dump of the session, base64
encoded. In ruby you can load it with

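require 'cgi'
# Run this inside the Rails app (e.g. script/console): the dump references
# ActionController::Flash::FlashHash, which must be defined to load it.
Marshal.load(CGI.unescape("BAh7BzoPdGV4cGVydF9pZGkE1pM2MiIKZmxhc2hJQzonQWN0aW9uQ29udHJv%0AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%3D%3D").unpack('m*').first)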

The hard bit for your php app will be implementing Marshal.load (if
you’re lucky, someone has already done this).

Fred
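An added example, not part of the original thread: a second application reading the cookie layout described above should check the digest before it touches the payload, since unmarshalling bytes an attacker controls is unsafe. The sketch assumes the digest is an HMAC-SHA1 of the unescaped base64 text (consistent with the 40-hex-character digest shown above); the helper names, secret and sample cookie are constructed for illustration.

```ruby
require 'openssl'
require 'uri'

class TamperedCookie < StandardError; end

# Constant-time comparison so the check does not leak how many
# leading characters of the digest matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Assumption: the digest is HMAC-SHA1 over the unescaped base64 text.
def session_digest(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
end

# Returns the session hash. Raises TamperedCookie before any
# unmarshalling happens if the cookie is malformed or the digest differs.
def read_signed_session(cookie, secret)
  # decode_www_form_component performs the same %XX decoding as CGI.unescape
  data, sep, digest = URI.decode_www_form_component(cookie).rpartition('--')
  raise TamperedCookie, 'malformed cookie' if sep.empty? || data.empty?
  unless secure_compare(digest, session_digest(data, secret))
    raise TamperedCookie, 'digest mismatch'
  end
  Marshal.load(data.unpack('m').first)
end

# Builds a cookie in the same layout; used here only to make sample input.
def write_signed_session(session, secret)
  data = [Marshal.dump(session)].pack('m').chop
  URI.encode_www_form_component("#{data}--#{session_digest(data, secret)}")
end

# Constructed sample values, not taken from the thread.
SAMPLE_SECRET = 'constructed-secret-for-this-example-only'
SAMPLE_COOKIE = write_signed_session({ :user_id => 42 }, SAMPLE_SECRET)

if __FILE__ == $PROGRAM_NAME
  p read_signed_session(SAMPLE_COOKIE, SAMPLE_SECRET)
end
```

A port to another language needs the same three steps in the same order: URL-decode, verify the HMAC with the shared secret, and only then decode the payload.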

Fernando P. wrote:

Hi thanks for your answers.

I am using cookie based session store. My second app is not a Rails app,
it's a PHP script. So from that PHP script how can I use the secret key
“8ab…” to decrypt the info inside the session?

Best regards,

hmm…
maybe ignore that then.

so what is your setup,
what is your requirement?

If you can access the same database,
then you could do something like

adding a column
add_column :users, :session_key, :string

then when someone logs in

# create a random, unique string, and save it
current_session_key = @current_user.set_session_key

cookies[:my_session_key] = {:domain => "mydomain.com", :value => current_session_key}

then in the php app

you’ll get sent the “my_session_key” cookie
and do the equivalent of
User.find_by_session_key(cookies[:my_session_key])

My users are currently logging in using restful_authentication inside
the rails app, so what I want is to retrieve the user_id from within my
php app so that I can identify who is the user who is sending me the
request.

The best solution would be to find a way to unmarshal the cookie data
from within php, but if that is too complicated to do (although the data
is only a string) then I will use Mat’s solution.
