Geek Answers Handbook

Session access through subdomains (Rails 4)

Hi, I have an application for multi-rails 4, which has a simple sign in the solution. However, each user has a subdomain that the user redirects after logging in.

The problem is that as they reach the subdomain, they are no longer registered due to the known problem that sessions are not shared between subdomains.

I tried several different solutions to this problem, however I do not want the session to be stored in subdomains. I believe this could be due to my development environment?

I tried all the answers to this question: Share session (cookies) between subdomains in Rails?

Nothing seems to work. Is something missing here? Is it a browser or rails 4 or ....? How do I approach this problem?

Edit: My session_store initializer:

Imagesite::Application.config.session_store :cookie_store, key: '_imagesite_session', :domain => "imagesite.dev"

I also tried ".imagesite.dev" and :all .

I also tried the solution described by Evan on the other issue mentioned above.

Examples of subdomains: "ole.imagesite.dev" or "ole2.imagesite.dev" is only the base subdomain based on what the user entered as their subdomain.

+7
ruby-on-rails session-cookies subdomain session
source share
3 answers

I finally decided it!

I needed to set the domain when I create the auth_token cookie. eg:

 cookies[:auth_token] = { value: user.auth_token, domain: ".lvh.me" }

and, like this, delete the cookie:

 cookies.delete(:auth_token, :domain => '.lvh.me')

Full example:

  def create user = User.find_by_username(params[:username]) user ||= User.find_by_email(params[:username]) if user && user.authenticate(params[:password]) # session[:user_id] = user.id if params[:remember_me] cookies.permanent[:auth_token] = { value: user.auth_token, domain: ".lvh.me" } else cookies[:auth_token] = { value: user.auth_token, domain: ".lvh.me" } end redirect_to root_url(:subdomain => "#{current_user.subdomain}"), notice: "You are now loged in." else flash.now.alert = "Email or password is invalid" render "new" end end def destroy #session[:user_id] = nil cookies.delete(:auth_token, :domain => '.lvh.me') redirect_to root_url(:subdomain => false), notice: "Loged out" end
+13
source share

With Rails 4.2.5.1, the following works for me:

 Rails.application.config.session_store :cookie_store, key: '_magic_session', tld_length: 2

Yes, without the domain: option.

Update. It is better to set the domain: parameter to :all .

 Rails.application.config.session_store :cookie_store, key: '_magic_session', domain: :all, tld_length: 2

It can be domain: "magic.com" if env["HTTP_HOST"] contains an IP address, not a domain name, in a development environment or behind a proxy server. For nginx proxy_set_header HOST $host:$server_port; can save the domain name.

+1
source share

Manually setting the domain in the session initializer always worked for me. Can you post your initializer? And also maybe some examples of subdomains that you are trying to move between them?

0
source share

More articles:


All Articles