It is not recommended to work with multiple subdomains in the RoR3 application.

I saw a lot of questions on this topic, but many of them have conflicting information, and for some reason this did not work for me.

I have:

  • top-level domain: i.e. lvh.me (development)
  • each user has subdomains: that is, userdomain.lvh.me
  • the login form is in the top-level domain: lvh.me

I want to:

  • If the user is logged in, the session must be shared by all subdomains. I mean, the session should be active in lvh.me:3000/something and userdomain.lvh.me:3000
  • If the user logs out of lvh.me:3000/something, it must work, and if the user logs out of userdomain.lvh.me:3000, it must also work.

I tried

  • Setting in the initializer:

    MyApplication::Application.config.session_store :cookie_store, :key => '_mykey', :domain => :all

What happened

I can enter lvh.me:3000, I am correctly redirected to lvh.me:3000/internalpage, and if I switch to subdomain.lvh.me:3000, it works fine. I can also exit lvh.me:3000/internalpage, BUT if I try to exit subdomain.lvh.me:3000, this will not work. The destroy action in the Devise SessionsController is done, but the session does not die.




According to http://excid3.com/blog/sharing-a-devise-user-session-across-subdomains-with-rails-3/ ,

The trick here is the :domain option. This sets the level of the TLD (top-level domain) and tells Rails how long the domain is. The part that you want to pay attention to is that if you set :domain => :all, as is recommended in some places, it just doesn't work if you use localhost. :all defaults to a TLD length of 1, which means that if you test using Pow (myapp.dev), it will not work either, because it is a TLD of length 2.

So after reading I also tried

MyApplication::Application.config.session_store :cookie_store, :key => '_mykey', :domain => 'lvh.me'

What happened

I can enter lvh.me:3000, I am correctly redirected to lvh.me:3000/internalpage, and if I switch to subdomain.lvh.me:3000, this will not work, I do not have a session there. If I go back to lvh.me:3000/internalpage, my session has disappeared. What happened there?




What else?

Then, after reading "Rails 3.2 subdomains and devise", I changed the initializer line to

MyApplication::Application.config.session_store :cookie_store, :key => '_mykey', :domain => '.lvh.me' 

Pay attention to the "." in front of the domain name. According to a post on SO:

This allows this cookie to be accessible through subdomains and the application must support a session on subdomains. It may not be 100% what you are looking for, but it should make you go in the right direction.

What happened

Nothing, it didn't work. Same behavior compared to what I tried.




Finally, I tried the approach from "What does Rails 3 session_store domain :all really do?", creating my own class for processing cookies. But I had no luck.

Of course, before each attempt, I deleted all cookies and temp. I also changed the name of the cookie. Any help? Thanks!

+9
ruby cookies ruby-on-rails-3 devise
Feb 08 '13 at 19:46
2 answers

According to this guy here: "Rails: how can I share persistent cookies across multiple subdomains?" Do you need to set the domain manually? Googling around, it looks like '.domainname.com', with a dot at the beginning, really is the way to go.

If you inherit from Devise::SessionsController , you can manually set it when creating

    class SessionsController < Devise::SessionsController
      def create
        # modify the cookie here
        super
      end
    end

I am setting up a working example to check this, I will post back after that, greetings!

And here is my Edit

Forget hardening with a token when creating. The problem is that you need the token domain set to '.lvh.me', which is all it needs, but domain: '.lvh.me' just doesn't do anything. Here is my proof of concept and, ultimately, it came down to one change inside the controller:

    class HomeController < ApplicationController
      def index
        cookies[:_cookietest_session] = {domain: '.lvh.me'}
      end
    end

In Chrome, the token will look like this:


And that's for subdomain.lvh.me, lvh.me and any other subdomain I tried. I can sign_in / sign_out from anywhere, and the session is created / destroyed accordingly.

Now I would not recommend doing it the way I did, I liked the middleware approach, I think that it will work fine if configured correctly. Let me know if you need more help.

Hurrah!

Ok last thing

I came back and tried domain: :all , because it really should work as you expected. If I get access to lvh.me, I get a cookie with .lvh.me, but if I get to subdomain.lvh.me, I get one that reads .subdomain.lvh.me


+10
Feb 12
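
An added example, not code from the question or either answer: a minimal model of browser cookie storage (RFC 6265), showing why a logout response scoped to .subdomain.lvh.me, the domain the answer above observed for :all on a subdomain, leaves the .lvh.me session cookie in place. The Jar class, the sample session value and modelling logout as a cookie deletion are assumptions made for illustration.

```ruby
# Added example: minimal model of browser cookie storage per RFC 6265.
# Hosts, cookie name and session value are constructed sample data.
Cookie = Struct.new(:name, :value, :domain, :host_only, :path, :seq)

class Jar
  def initialize
    @store = {}   # keyed by [name, domain, path], as in RFC 6265 section 5.3
    @seq = 0
  end

  # Apply a Set-Cookie received from request_host; domain is the Domain attribute or nil.
  def set(request_host, name, value, domain: nil, path: "/")
    d = domain ? domain.sub(/\A\./, "").downcase : request_host.downcase
    return false unless domain_match?(request_host, d)   # foreign domains are rejected
    key = [name, d, path]
    if value.nil?
      @store.delete(key)   # expiry in the past: removes only the identical key
    else
      @store[key] = Cookie.new(name, value, d, domain.nil?, path, @seq += 1)
    end
    true
  end

  # Values the browser would send to host for this cookie name, oldest first.
  def sent_to(host, name)
    @store.values
          .select { |c| c.name == name && (c.host_only ? c.domain == host : domain_match?(host, c.domain)) }
          .sort_by(&:seq).map(&:value)
  end

  private

  def domain_match?(host, domain)
    host == domain || host.end_with?(".#{domain}")
  end
end

# Log in on the root domain, log out on the subdomain, return what is still sent.
def logout_from_subdomain(logout_domain)
  jar = Jar.new
  jar.set("lvh.me", "_mykey", "user-42", domain: ".lvh.me")          # login on lvh.me
  jar.set("subdomain.lvh.me", "_mykey", nil, domain: logout_domain)  # logout response
  jar.sent_to("subdomain.lvh.me", "_mykey")
end

p logout_from_subdomain(".subdomain.lvh.me")  # cookie scoped as observed for :all
p logout_from_subdomain(".lvh.me")            # same scope as the login cookie
```

The first call still returns the logged-in session value because the deletion targets a different (name, domain, path) key; the second returns nothing because login and logout use the same Domain attribute.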

I think the problem is that :all adds a . to subdomain.lvh.me, so that you stay logged in with foo.subdomain.lvh.me, which is not very good for you.

:all seems to work if your original login is in the root domain of lvh.me and then redirected to a subdomain, but you cannot log in through a subdomain with it that way.

 MyApplication::Application.config.session_store :cookie_store, :key => '_mykey', :domain => '.lvh.me' 

Looks like the right way to specify this.

Note:

  • Be sure to reload the rails after making the changes.
  • Before retesting, be sure to clear the cookies for your domain. You can leave the remaining cookies erring between the tests.
0
Aug 25 '15 at 19:17