问题
I'd like to have some rails apps over different servers sharing the same session. I can do it within the same server but don't know if it is possible to share over different servers. Anyone already did or knows how to do it?
Thanks
回答1:
Depending on how your app is set up, you can easily share cookies from sites in the same domain (foo.domain, bar.domain, domain) by setting your apps up to use the same secret: http://www.russellquinn.com/2008/01/30/multiple-rails-applications/
Now, if you have disparate sites, such as sdfsf.com, dsfsadfsdafdsaf.com, etc. you'll have to do a lot more tricks because the very nature of cookies restricts them to the specific domain. Essentially what you're trying to do is use cross-site scripting to, instead of hijack your session, read it from the other ones.
In that case, a combination of using the same cookie secret etc and then some cross-site scripting you can manually extract the session info and re-create it on each site (or if you use ActiveRecord session {or NFS session dir}, link up with the existing one). It's not easy, but it can be done.
Or, the low-tech way (which I've done before) is simply have the login page visit a specially crafted login page on each site that sets an app cookie on it and bounces you to the next one. It isn't pretty.
回答2:
Use the Database Session store. The short of it is this:
To generate the table, at the console, run
rake db:sessions:create
in your environment.rb, include this line
config.action_controller.session_store = :active_record_store
回答3:
Try using database-backed sessions.
回答4:
In Rails 2.0 there is now a CookieStore that stores all session data in an encrypted cookie on the client's machine.
http://izumi.plan99.net/blog/index.php/2007/11/25/rails-20-cookie-session-store-and-security/
来源:https://stackoverflow.com/questions/104837/rails-sessions-over-servers