Hi All,

I'm using Ruby On Rails to develop an in-house site. The basic design is - a log in screen which verifies credentials against LDAP server. Once logged in, a mainpage is presented, with a number of different tabs. Depending on the tab, the webpage interacts with a different back-end system on the web host via REST API - For example, a software version control system, or an in house software build / compilation system, or an in-house test management system. All of these use the credentials supplied in the log in screen. What I need to do is "preserve" (or pass through!) the user/password supplied and verified at the log in screen, for use by the API calls, for the appropriate system.

For clarification here, I should add that on the login screen, the authentication is done via an API call to one of the back end systems - and upon successful response from this call, I do a redirect_to call to get to the main page (a "GET" in my routes.rb config)

So I'm looking for a safe, secure way of making the verified credentials available from the authentication controller, to the mainpage controller.

One option is obviously cookies - but to describe this as insecure is an understatement! I could (I believe) pass them as part of a GET for the mainpage, but I believe this would result in them being displayed as part of the URL. Even less safe the cookies!

Thoughts / Comments / Suggestions?