Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

thumblemonks-sso_what

Package Overview
Dependencies
Maintainers
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

thumblemonks-sso_what

  • 0.2.1
  • Rubygems
  • Socket score
Version published
Maintainers
2
Created
Source

SSO What

SSO What enables your Rails app to function well with sub-domains solely in the context of managing cookies. SSO What has to do two things (which makes us angry since it should only be one):

  1. Support a dynamic domain that works across sub-domains for session cookies
  2. Support a cookie domain that works across sub-domains for all cookies other than a session cookie

Session Cookies

SSO What is used to generate a session domain for single sign-on which works regardless of sub-domains and different hosts in different environments. So. If you have two servers, kill.for.thrills.hypo.luxa and thrill.olympics.hypo.luxa, the session domain would resolve to .hypo.luxa.

If your staging environment uses kill.for.thrills.alien.jourgensen it will automatically use .alien.jourgensen without further configuration.

To enable this feature set the session options on ActionController using the following line in your environment file:

config.action_controller.session = {:base_domain => true}

If you want to set a specific domain for all session cookies, this has nothing to do with SSO What. But, you can use built-in Rails behavior and do this in your environment file:

config.action_controller.session = {:domain => 'thrill.olympics.hypo.luxa'}

All other cookies

SSO What will force (for now since it's not configurable) all cookies that you set without an explicit domain to work across sub-domains. For example, if the domain your app is serving is foo.example.com and you set a cookie named bar but don't provide a domain, SSO What will kick in and set the domain to .example.com. Without SSO What, the domain would be foo.example.com.

If you provide an explicit domain with your cookie, SSO What just watches everything go by. It may cry a little, though :(

Requirements

Shoulda and Mocha are required to run the tests.

License

Copyright (c) 2008 {Centro}[www.centro.net], released under the MIT license.

Authored by:

{Gabriel Gironda}[gabriel.gironda@gmail.com]
{Josh Davison}[josh.davison@centro.net]
{Justin Knowlden}[gus@gusg.us]

FAQs

Package last updated on 10 Aug 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

Security News

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.

By Sarah Gooding  -  Nov 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc