Add a note about hacking with URL params instead of cookies

courtenay · Jan 25, 2009 · 6d389fb · 6d389fb
1 parent e6b3a04
commit 6d389fb
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/README b/README
@@ -38,6 +38,28 @@ class SessionsController
   end
 end
 
+If you want to have Tender redirect to your site's login form and can't/don't want to use domain cookies you
+can just pass the variables in the URL.
+
+  Tender -> click "login" -> goes to your site -> returns to Tender with URL params
+
+You can implement this something like
+
+# /app/controllers/sessions_controller.rb
+class SessionsController
+  def login
+    if user = User.authenticate(params[:login], params[:password])
+      if params[:tender]
+        auth = user.tender_multipass({}, 1.week.from_now.to_i)
+        redirect_to "http://your.tenderapp.com/login?email=#{auth[:tender_email]}&expires=#{auth[:tender_expires]}&hash=#{auth[:tender_hash]}"
+      else
+        redirect_to "/"
+      end
+    end
+  end
+end
+
+
 Notes
 =====