We've got a lot of existing legacy systems, and as a simple proof-of-concept I'm trying to get rails to work as an extension for these systems in a relatively transparent way. I've got rails running on another server with access to the same database as the legacy system. I'm simply popping up the rails in a frame on the legacy system, so the user can hardly tell that they've left the server. The tricky part is authentication. I know I can't read the cookie from the other domain, so I'm passing the md5 hash in the query string in the initial link to the rails app (with a typical ?something=something). I'm hoping to be able to access this via the params array, query the session table for the user info, and then build another cookie that the rails apps can use. Even merely querying the session table before any controller requests and making sure that the hash from the initial URL request is present, and checking these before any actions in the controller requests, might be sufficient for the time being (not a high load system). My first question is simple -- why aren't the paramaters I'm passing in the params array? If I print out params I can see that the controller and action are in there, but the one paramter I passed in the initial url isn't. I can parse response.query_string myself to get it, but it feels like that shoudn't be necessary. Is there a better way to get this? More generally, has anyone done this sort of authentication. There isn't any important information in the cookie really. I just want to to verify that the user has a valid login cookie from the other system. Is there a general way I can take the cookie md5 hash passed from the initial query request into the rails system, and build a cookie that rails will then rely on for authentication?
on 2006-03-17 23:09
on 2006-03-30 14:08
Just came across this. Have you had any luck resolving as of yet? You should be able to access everything via the params hash. Try this: result = @params[:something] Replace ":something" with the symbol of your query variable. On 17 Mar 2006 22:08:31 -0000, kevin finn