ruby - Rails - Multiple top level domains and a single session/cookie

Question

I've been struggling with this for quite awhile and haven't been able to find a solution. I need a user to be able to view multiple top level domains with a single login.

My understanding is that this needs to be set in environment.rb and called with before_dispatch. This is what I've come up with:

require 'activesupport'
require 'dispatcher'
module ActionController
   class Dispatcher

      def set_session_domain
         ActionController::Base.session_options.update :session_domain => "#{@request.host}"
      end 

      before_dispatch :set_session_domain
   end
end

However, this does not seem to be working when I try and pull the values from session[:session_domain].

Any help is greatly appreciated.

Answer 1

This one is a bit tricky. Since cookies can only be assigned to (and retrieved from) the current domain ("forms.example.com", say) and parent domains (".example.com", but not ".com"), but NOT to other domains ("othersite.com"), you'll have to find yourself another solution. This has nothing to do with Rails, but with how cookies work.

EDIT: Sessions rely on a client-specific handle, stored in a cookie, which is why sessions also don't work cross-domain.

This site has one possible solution for creating a cross-domain cookie, and it's the cleanest way I know of, although it may have some security implications. A more complicated version would have the servers communicate directly through some secure channel.

If you're looking for a more general-purpose single-login service, try implementing some form of OpenID.