How to create a session in PHP when there is a session on the same domain in Rails?

Question

I have a Rails app on a subdomain - xyz.domain.com, and a PHP app on another subdomain - abc.domain.com

When a user is logged into the Rails app, I would like to give them a session so that I can log certain events about that user in the PHP app but in the same database of the Rails app. I would essentially just expose an API that requires authentication.

What is the best way to go about this? I am not storing the session in a database

UPDATE I should mention that the goal is to allow authenticated access from the PHP site to the database that has been only used by the Rails app thus far. If a user is logged into the Rails app, I want to be able to track any events that occur on the PHP site and associate them with the user.

Answer 1

I will reply, not knowing a lot about Rails.

You can customize the cookie name in php.ini. Between the session name and the correct cookie domain you can create a cookie that will be shared by both applications.

A "session" in PHP terms just implies a cookie whose value points to some set of saved data in the session store. For example, if PHP (using the default config) sees a cookie PHPSESSID=2b00042f7481c7b056c4b410d28f33cf, it will look for a session file like /tmp/sess_2b00042f7481c7b056c4b410d28f33cf. The file just contains the output of serialize($_SESSION).

So, sharing the session will share this cookie value, but nothing else intrinsically. You will have to decide how to share other values, if PHP is to insert log records. Some options:

1. If the PHP session is empty, query a URL in the Rails app that provides the logged-in username and other session details. Make sure the URL is only accessible from localhost.
2. Equate sessions IDs to usernames/ids in the database so PHP can do a lookup.

Answer 2

i think session is not possible. you can use database to store authentication if they can share same database between subdomain.