Question
An unauthenticated user arrives at www.example.com.
The user logs in on: https://api.example.com/login
After successful login, the user is redirected to: https://dashboard.example.com
When going back to: www.example.com - the session is kept, and the user can now log out from there
An example is shown by Heroku, which shares cookies among the apps as in the screenshot.
How does this setup work? How can this setup be imitated with Rack apps?
Solution
using SSO/OpenID style techniques, for example by redirecting via forms and transmitting the authentication challenge tokens back and forth in the form parameters.
For example look how stackovervflow and sistersites do it. You can log into one using the other and it is implemented via forms and redirects.
For strictly subdomains, you can just use a single session cookie which is sent to all hosts within "*.domain.com"
https://stackoverflow.com/questions/14157537
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian