[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Share Authentication Cookies

Sam Ginko

6/26/2008 9:47:00 PM

I would like to know if it is possible to share Authentication cookies
between 2 url's with ruby. Does anyone know how to?

thanks
--
Posted via http://www.ruby-....
4 Answers

Martin Boese

6/27/2008 1:24:00 PM

0

You can set the 'domain' (like: .example.org) and 'path' (like: /) arguments
to the cookie. This will make the browser to send the same cookie on
different domains and paths.

The ruby cgi library supports this.

See:

http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/...
http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_...

martin


On Thursday 26 June 2008 22:47:07 Sam Ginko wrote:
> I would like to know if it is possible to share Authentication cookies
> between 2 url's with ruby. Does anyone know how to?
>
> thanks

Sam Ginko

6/27/2008 2:42:00 PM

0

Martin Boese wrote:
> You can set the 'domain' (like: .example.org) and 'path' (like: /)
> arguments
> to the cookie. This will make the browser to send the same cookie on
> different domains and paths.
>
> The ruby cgi library supports this.
>
> See:
>
> http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/...
> http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_...
>
> martin

is this valid for to completely different url's
--
Posted via http://www.ruby-....

Sam Ginko

6/27/2008 9:47:00 PM

0

Martin Boese wrote:
> You can set the 'domain' (like: .example.org) and 'path' (like: /)
> arguments
> to the cookie. This will make the browser to send the same cookie on
> different domains and paths.
>
> The ruby cgi library supports this.
>
> See:
>
> http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/...
> http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_...
>
> martin


is this valid for two completely different url's sharing the same
database i:e www.whatever.com and www.myurl.com

--
Posted via http://www.ruby-....

Martin Boese

6/27/2008 10:29:00 PM

0

No, this is a http restriction implemented at the user agent (browser).

RFC 2109:
8.3 Unexpected Cookie Sharing

A user agent should make every attempt to prevent the sharing of
session information between hosts that are in different domains.
Embedded or inlined objects may cause particularly severe privacy
problems if they can be used to share cookies between disparate
hosts. For example, a malicious server could embed cookie
information for host a.com in a URI for a CGI on host b.com. User
agent implementors are strongly encouraged to prevent this sort of
exchange whenever possible.


On Friday 27 June 2008 22:46:50 Sam Ginko wrote:
> Martin Boese wrote:
> > You can set the 'domain' (like: .example.org) and 'path' (like: /)
> > arguments
> > to the cookie. This will make the browser to send the same cookie on
> > different domains and paths.
> >
> > The ruby cgi library supports this.
> >
> > See:
> >
> > http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/...
> > http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_...
> >
> > martin
>
> is this valid for two completely different url's sharing the same
> database i:e www.whatever.com and www.myurl.com