Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
An unauthenticated user arrives at http://www.example.com.
The user logs in on: https://api.example.com/login
After successful login, the user is redirected to: https://dashboard.example.com
When going back to: http://www.example.com – the session is kept, and the user can now log out from there
An example is shown by Heroku, which shares cookies among the apps as in the screenshot.
How does this setup work?
How can this setup be imitated with Rack apps?
using SSO/OpenID style techniques, for example by redirecting via forms and transmitting the authentication challenge tokens back and forth in the form parameters.
For example look how stackovervflow and sistersites do it. You can log into one using the other and it is implemented via forms and redirects.
For strictly subdomains, you can just use a single session cookie which is sent to all hosts within “*.domain.com”