Would anyone like to tell me how very wrong I am?

I’m implementing a strategy to synchronize sessions between Discourse and another Rails application.

What I’m doing works. BUT I’m sure I’m violating several best-practices and missing some key optimizations. Anybody want to look at what I did and tell me where I’m going wrong?


I’m creating a new CurrentUserProvider that is heavily influenced by the default one that ships with Discourse. This provider checks for a shared domain cookie and looks that cookie up in Redis. If a logged-in user’s data is returned from Redis, then that user is either registered or signed in using the SSO methods.

Any feedback is appreciated!

Other devs will have an easier time reviewing your code if you can point directly to the parts of the code that worry you the most, one at a time.
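
A sketch of the cookie-to-Redis lookup described in the first post, as an added example that is not the poster's code or Discourse's own. The class name, key prefix, token format, JSON fields and the in-memory stand-in for Redis are all assumptions; the point is that every malformed, unknown, expired or corrupt value resolves to "no user" rather than raising or being trusted.

```ruby
require "json"
require "digest"

# Constructed stand-in for a Redis client (GET only) so the example runs offline.
class FakeRedis
  def initialize(data)
    @data = data
  end

  def get(key)
    @data[key]
  end
end

# Hypothetical resolver: maps a shared-domain cookie value to user data.
class SharedSessionResolver
  TOKEN_FORMAT = /\A[a-f0-9]{64}\z/ # assumed: 32 random bytes, hex-encoded

  def initialize(store, now)
    @store = store
    @now = now # callable returning epoch seconds, injectable for tests
  end

  # Assumed convention shared with the other app: key on a digest of the
  # token so the raw cookie value is never stored in Redis.
  def self.key_for(token)
    "shared_session:#{Digest::SHA256.hexdigest(token)}"
  end

  # Returns a hash of user attributes, or nil when the cookie must be ignored.
  def resolve(cookie_value)
    return nil unless cookie_value.is_a?(String) && cookie_value.match?(TOKEN_FORMAT)
    raw = @store.get(self.class.key_for(cookie_value))
    return nil if raw.nil?
    data = JSON.parse(raw)
    return nil unless data.is_a?(Hash)
    return nil unless data["expires_at"].is_a?(Integer) && data["expires_at"] > @now.call
    return nil unless data["external_id"].is_a?(String) && !data["external_id"].empty?
    return nil unless data["email"].is_a?(String) && data["email"].include?("@")
    { external_id: data["external_id"], email: data["email"] }
  rescue JSON::ParserError
    nil # corrupt entry: treat as anonymous instead of failing the request
  end
end

# Constructed sample data: one valid, one expired and one corrupt session.
GOOD, EXPIRED, CORRUPT = "a" * 64, "b" * 64, "c" * 64
STORE = FakeRedis.new(
  SharedSessionResolver.key_for(GOOD) => JSON.generate("external_id" => "42", "email" => "user@example.com", "expires_at" => 2_000),
  SharedSessionResolver.key_for(EXPIRED) => JSON.generate("external_id" => "43", "email" => "old@example.com", "expires_at" => 1_000),
  SharedSessionResolver.key_for(CORRUPT) => "{not json"
)
RESOLVER = SharedSessionResolver.new(STORE, -> { 1_500 })
```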