发表新帖
发表新帖

Devise not working well with multiple subdomains on RoR3 application

前端 未结
关注
2 1334
遇见更好的自我
遇见更好的自我 2021-02-08 19:02

I have seen a lot of questions about this topic, but a lot of them have contradictory information, and for some reason it didnt work for me.

I have:

相关标签:
2条回答
  • 没有蜡笔的小新
    2021-02-08 19:20

    According to this guy here: Rails: how can I share permanent cookies across multiple subdomains? You need to set the domain manually? Googling around it looks like '.domainname.com' with the dot at the beginning really is the way to go.

    If you inherit from Devise::SessionsController you can manually set it on create

    class SessionsController < Devise::SessionsController
  def create
    # modify the cookie here
    super
  end
end

    I am setting up a working example to test that out, I'll post back afterwards, cheers!

    And here is my Edit

    Forget tempering with the token on create. The problematic is this, you need to have the token domain set to '.lvh.me' that's all there is to it, but domain: '.lvh.me' just doesn't do anything. Here is my proof of concept and ultimately it boiled down to a single change inside a controller:

    class HomeController < ApplicationController
  def index
    cookies[:_cookietest_session] = {domain: '.lvh.me'}
  end
end

    In Chrome the token would look like this

    enter image description here

    And that for subdomain.lvh.me, lvh.me and any other subdomain I tried. I can sign_in/sign_out from any and the session is created/destroyed accordingly.

    Now I wouldn't advise doing it the way I did, I liked the middleware approach I think it would work just fine if setup properly. Let me know if you need further help on this.

    Cheers!

    Ok last thing

    I went back and tried domain: :all because it really ought to work as you have expected. If I access lvh.me I get a cookie with .lvh.me but if I got to subdomain.lvh.me I get one that reads .subdomain.lvh.me

    enter image description here

    0 讨论(0)
  • 你的背包
    2021-02-08 19:32

    I think the issue is that :all adds a . to the subdomain.lvh.me so you would stay logged in with foo.subdomain.lvh.me which doesn't do you much good.

    :all seems to work if your original login is from the root domain lvh.me and you then redirect to a subdomain. but you can't log in through a subdomain with it set that way.

    MyApplication::Application.config.session_store :cookie_store, :key => '_mykey', :domain => '.lvh.me'

    looks like the correct way to specify this.

    Note:

    • Make sure you restart rails after making change.
    • Make sure you clear cookies out for your domain before testing again. You can leave remnant cookies behind that are confusing between tests.
    0 讨论(0)
 看不清?
提交回复
热议问题