I have a standard Rails app with Devise for authentication. I have a second app with Helpy.io installed (also Devise). I am looking for two scenarios:
Here is what I have tried for option 1 to start:
I have set the SECRET_KEY_BASE and SESSION_STORE on both sites the same and in session_store.rb:
Rails.application.config.session_store :cookie_store, key: ENV['SESSION_STORE'], domain: 'mydomain'
On my help site I have an application controller before_action that redirects to the main site if a particular session variable is nil (this is cleared on the main site if you logout).
What Works
If I authenticate on the main site then visit the help site everything works fine. I can navigate the help site etc. and I am not logged in (which is fine for option 1 for now). My users can just browse the help site and open tickets manually. If I signout on the main site and go to the help site my re-direct kicks in and I end up back at the main app sign-in page.
What is Broken
If I navigate from the help site back to the main site I am automatically signed out. I can still access the help site. If I log back in the main site works fine again UNTIL I go back to the help site and the process starts again.
Question
Where do I start to look to find what in Devise or anywhere else (assuming it's Devise) that is getting cleared etc. to make my app think I am not authenticated anymore?
I ended up going with a static Jeklly site and this approach: