Geek Answers Handbook

Setting up a Rails application to handle multiple subdomains and multiple cookies

I have a rails application that supports multiple domains, and each domain can have multiple subdomains.

Users who visit mydomain1.com do not get the same experience as mydomain2.com (although the basic behavior of the applications is the same)

Therefore, if a user is logged in to mydomain1.com, he should not be registered at mydomain2.com

If a user is logged in to france.mydomain1.com, he must then log in to germany.mydomain1.com

Earlier, I dealt with this by setting the domain in the session storage configurations:

MyApp::Application.config.session_store :cookie_store, :key => '_MyApp_session', :domain => APP_CONFIG[:domain]

Am I trying to find a better way to handle these multiple domains?

I tried to crack ActionDispatch::Callback , but the request is not available there.

Can anyone suggest a good way to support multiple cookies from one application?

Ideally, I would like to create a fresh cookie for each subdomain .

+4
source share
2 answers

You must do this:

 class ActionDispatch::Session::MultiDomainStore < ActionDispatch::Session::CookieStore def initialize(app, options = {}) super(app, options.merge!(:domain => compute_domain(app))) end def compute_domain(app) ... end end MyApp::Application.config.session_store :multi_domain_store, :key => '_MyApp_session'

those. Your domain must begin with a period.

+5
source

This should not be a problem as cookies are valid only for the domain. You can have _MyApp_session for example1.com and one for example2.com . Cookies are managed by the browser and are only sent to the host if the domain matches.

Say you visit example1.com and log in and you get a cookie with the value abcdef123 . Then you go to example2.com and you will get another cookie with a random string uvwxyz890 .

If you return to example1.com later, the browser will only send cookies valid for this domain to your application. Your application will not need to manage anything, and you do not need to hack anything.

+1
source

More articles:


All Articles