Cross-Domain Sessions with Ruby on Rails

Transcript

1. @LukasFittl Cross-Domain Sessions So, how does one write a Rails

   4 session store?

2. Biz + UX + Dev @LukasFittl

3. So, 7 years ago we started this company: commit 2086c55b13426c2834f7060ad3739eed68e891c2

   Author: Esad Hajdarevic <[email protected]> Date: Sun Mar 25 22:47:30 2007 +0000 ! Initial tags+trunk creation git-svn-id: svn://svn.phoria.eu/soup/trunk@1 c0834aa2-9929-0410-9117-c50b2a7daf23

4. Its still around :)
   ! But it runs Rails 2.3.

5. 100+ hours later
   we’re (almost) on Rails 4.

6. Soooo...
   Sessions.

7. www.soup.io
   = Login/Logout/etc

8. mysoup.io = Soup Admin, Create Posts, etc

9. How can we make that work?

10. First thought:
    <iframe>

11. Actually, thats pretty painful.

12. What we ended up doing: www.soup.io mysoup.io Memcached / Redis

    SESSION_ID REMOTE_SESSION_ID

13. Getting a REMOTE_SESSION_ID: http://mysoup.io/
 => http://soup.io/remote/generate?host=mysoup.io
 (requested with main session

    cookie YYY) ! => http://mysoup.io/?sessid=ZZZ SetCookie: soup_session_id=ZZZ ! => http://mysoup.io/ ! remote_session_link_ZZZ => mysoup.io--YYY Memcached / Redis

14. Lets look at the code :)

15. @LukasFittl Thank you! pganalyze.com