2

I have a Ruby on Rails + Devise solution in my back-end, that allows me, for what I understood, to authenticate using cookies.

Right now I am developing a Chrome extension that communicates with that back-end, and since it sends the same cookies as the web app in every request, everytime that I log in using the Chrome extension I am automatically logged in in my web app, and vice-versa.

So my question is: what would be the best way to separate them?

e.g. user A logged in on the webapp and user B logged in on the chrome extension at the same time.

André Alves
  • 6,535
  • 3
  • 17
  • 23
  • There was a [recent discussion](https://stackoverflow.com/questions/29813340/possible-to-modify-cookie-values-in-a-jquery-ajax-request/) that may answer your question. Then again, cookies are not the only form of auth - so I'm not marking it as duplicate. See `chrome.identity`. – Xan May 11 '15 at 15:27
  • @Xan Is it a good/clean solution to have a chrome extension modifying (saving and restoring) the cookies that are being sent? As for the chorme.identity, it is a nice solution, but it means changing to authenticable tokens, right? Aren't authenticable tokens saved in cookies in order to persist on the client side? – André Alves May 11 '15 at 16:17
  • Probably another good solution is to use a Chrome app / webview tag. Separate cookie store from the browser. Depends on what your extension does, though. – Xan May 11 '15 at 16:18
  • @Xan webview tag is only available for Chrome apps, not extensions unfortunately :/ As for the extension, it only fetches some data from the server, but it requires auth. I guess the way to go is to implement an OAuth API, but I am wondering if there is quicker way to do this. – André Alves May 12 '15 at 17:59

0 Answers0