We’ve got a lot of existing legacy systems, and as a simple
proof-of-concept I’m trying to get rails to work as an extension for
these systems in a relatively transparent way. I’ve got rails running
on another server with access to the same database as the legacy system.
I’m simply popping up the rails in a frame on the legacy system, so the
user can hardly tell that they’ve left the server.
The tricky part is authentication. I know I can’t read the cookie from
the other domain, so I’m passing the md5 hash in the query string in the
initial link to the rails app (with a typical ?something=something).
I’m hoping to be able to access this via the params array, query the
session table for the user info, and then build another cookie that the
rails apps can use. Even merely querying the session table before any
controller requests and making sure that the hash from the initial URL
request is present, and checking these before any actions in the
controller requests, might be sufficient for the time being (not a high
load system).
My first question is simple – why aren’t the paramaters I’m passing in
the params array? If I print out params I can see that the controller
and action are in there, but the one paramter I passed in the initial
url isn’t. I can parse response.query_string myself to get it, but it
feels like that shoudn’t be necessary. Is there a better way to get
this?
More generally, has anyone done this sort of authentication. There
isn’t any important information in the cookie really. I just want to to
verify that the user has a valid login cookie from the other system. Is
there a general way I can take the cookie md5 hash passed from the
initial query request into the rails system, and build a cookie that
rails will then rely on for authentication?