Rails Sessions over servers

萝らか妹 提交于 2020-01-03 16:12:13

问题


I'd like to have some rails apps over different servers sharing the same session. I can do it within the same server but don't know if it is possible to share over different servers. Anyone already did or knows how to do it?

Thanks


回答1:


Depending on how your app is set up, you can easily share cookies from sites in the same domain (foo.domain, bar.domain, domain) by setting your apps up to use the same secret: http://www.russellquinn.com/2008/01/30/multiple-rails-applications/

Now, if you have disparate sites, such as sdfsf.com, dsfsadfsdafdsaf.com, etc. you'll have to do a lot more tricks because the very nature of cookies restricts them to the specific domain. Essentially what you're trying to do is use cross-site scripting to, instead of hijack your session, read it from the other ones.

In that case, a combination of using the same cookie secret etc and then some cross-site scripting you can manually extract the session info and re-create it on each site (or if you use ActiveRecord session {or NFS session dir}, link up with the existing one). It's not easy, but it can be done.

Or, the low-tech way (which I've done before) is simply have the login page visit a specially crafted login page on each site that sets an app cookie on it and bounces you to the next one. It isn't pretty.




回答2:


Use the Database Session store. The short of it is this:

To generate the table, at the console, run

rake db:sessions:create

in your environment.rb, include this line

config.action_controller.session_store = :active_record_store



回答3:


Try using database-backed sessions.




回答4:


In Rails 2.0 there is now a CookieStore that stores all session data in an encrypted cookie on the client's machine.

http://izumi.plan99.net/blog/index.php/2007/11/25/rails-20-cookie-session-store-and-security/



来源:https://stackoverflow.com/questions/104837/rails-sessions-over-servers

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!