Share Authentication Cookies

I would like to know if it is possible to share Authentication cookies
between 2 url's with ruby. Does anyone know how to?

thanks

You can set the 'domain' (like: .example.org) and 'path' (like: /) arguments
to the cookie. This will make the browser to send the same cookie on
different domains and paths.

The ruby cgi library supports this.

See:

http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/index.html

martin

Martin Boese wrote:

You can set the 'domain' (like: .example.org) and 'path' (like: /)
arguments
to the cookie. This will make the browser to send the same cookie on
different domains and paths.

The ruby cgi library supports this.

See:

http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/index.html
HTTP cookie - Wikipedia

martin

is this valid for to completely different url's

Martin Boese wrote:

You can set the 'domain' (like: .example.org) and 'path' (like: /)
arguments
to the cookie. This will make the browser to send the same cookie on
different domains and paths.

The ruby cgi library supports this.

See:

http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/index.html
HTTP cookie - Wikipedia

martin

is this valid for two completely different url's sharing the same
database i:e www.whatever.com and www.myurl.com

No, this is a http restriction implemented at the user agent (browser).

RFC 2109:
8.3 Unexpected Cookie Sharing

   A user agent should make every attempt to prevent the sharing of
   session information between hosts that are in different domains.
   Embedded or inlined objects may cause particularly severe privacy
   problems if they can be used to share cookies between disparate
   hosts. For example, a malicious server could embed cookie
   information for host a.com in a URI for a CGI on host b.com. User
   agent implementors are strongly encouraged to prevent this sort of
   exchange whenever possible.