Share Authentication Cookies

I would like to know if it is possible to share Authentication cookies
between 2 url’s with ruby. Does anyone know how to?

thanks

You can set the ‘domain’ (like: .example.org) and ‘path’ (like: /)
arguments
to the cookie. This will make the browser to send the same cookie on
different domains and paths.

The ruby cgi library supports this.

See:

http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/index.html

martin

Martin B. wrote:

You can set the ‘domain’ (like: .example.org) and ‘path’ (like: /)
arguments
to the cookie. This will make the browser to send the same cookie on
different domains and paths.

The ruby cgi library supports this.

See:

http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/index.html
HTTP cookie - Wikipedia

martin

is this valid for to completely different url’s

No, this is a http restriction implemented at the user agent (browser).

RFC 2109:
8.3 Unexpected Cookie Sharing

A user agent should make every attempt to prevent the sharing of
session information between hosts that are in different domains.
Embedded or inlined objects may cause particularly severe privacy
problems if they can be used to share cookies between disparate
hosts. For example, a malicious server could embed cookie
information for host a.com in a URI for a CGI on host b.com. User
agent implementors are strongly encouraged to prevent this sort of
exchange whenever possible.

Martin B. wrote:

You can set the ‘domain’ (like: .example.org) and ‘path’ (like: /)
arguments
to the cookie. This will make the browser to send the same cookie on
different domains and paths.

The ruby cgi library supports this.

See:

http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/index.html
HTTP cookie - Wikipedia

martin

is this valid for two completely different url’s sharing the same
database i:e www.whatever.com and www.myurl.com