Change Rails session cookie domain without logging users out


Question

I'm using Rails 4.2.2 (with Devise 3.4.1) and am changing the cookie_store domain from www.boundless.dev to .boundless.dev in order to share the same session across all of our subdomains (single sign-on).

Boundless::Application.config.session_store :cookie_store, key: '_boundless_session', domain: '.boundless.dev'

If I make this change alone, existing logged-in users who return to the site will end up with 2 _boundless_session cookies, one with domain boundless.dev and the other with www.boundless.dev. Somehow this makes logging out impossible.

Is it possible to make this change without logging all users out of the site?

I thought that I'd be able to write a method as a before_filter in my ApplicationController to delete the session cookie and replace it with a new one at .boundless.dev, but it doesn't work, and I suspect it has something to do with the remember_user_token cookie.

def update_session_cookie_domain
  session_cookie = cookies['_boundless_session']
  cookies.delete('_boundless_session', domain: 'www.boundless.dev')
  cookies['_boundless_session'] = {
    value: session_cookie,
    domain: '.boundless.dev'
  }
end


Recommended answer

I was able to solve this problem by changing the cookie name used for the session.

So the original configuration was:

Boundless::Application.config.session_store :cookie_store, key: '_boundless_session', domain: 'www.boundless.dev'

Then I changed it to:

Boundless::Application.config.session_store :cookie_store, key: '_boundless_session_NEW', domain: '.boundless.dev'

I expected this to log users out, but it doesn't for some reason that I don't quite understand.

Unfortunately, I've yet to find a way to clear the old _boundless_session cookie, but at least now I can log out after having my session cookie updated to the more general domain.
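
The two-cookie situation from the question and the key rename from the answer, replayed in a small model of RFC 6265 cookie storage; this is an added example, not code from the original post. `CookieJar`, `first_value`, `simulate`, the `app.boundless.dev` host and the cookie values are constructed for illustration, and the server is assumed to keep the first value when a name is repeated.

```ruby
# Minimal model of RFC 6265 cookie storage; added example, all values constructed.
# Path matching is left out: every cookie here uses "/".
class CookieJar
  Cookie = Struct.new(:name, :value, :domain, :path, :seq)

  def initialize
    @store = {} # keyed by [name, domain, path]
    @seq = 0    # creation order
  end

  # Apply a Set-Cookie carrying a Domain attribute; expired: true models an expiry in the past.
  def set(name, value, domain:, path: '/', expired: false)
    key = [name, domain.sub(/\A\./, '').downcase, path] # a leading dot is ignored
    return @store.delete(key) if expired # removes only an exact name/domain/path match
    seq = @store[key] ? @store[key].seq : (@seq += 1) # a replacement keeps its creation order
    @store[key] = Cookie.new(name, value, key[1], path, seq)
  end

  # Cookie header sent to host: longest path first, then oldest first.
  def header_for(host)
    @store.values
          .select { |c| host == c.domain || host.end_with?(".#{c.domain}") }
          .sort_by { |c| [-c.path.length, c.seq] }
          .map { |c| "#{c.name}=#{c.value}" }
          .join('; ')
  end
end

# Assumption: the server keeps the first value when a name is repeated.
def first_value(header, name)
  pair = header.split('; ').find { |p| p.start_with?("#{name}=") }
  pair && pair.split('=', 2).last
end

# Hypothetical helper: replay the migration with the session key used after the change.
def simulate(new_key)
  jar = CookieJar.new
  jar.set('_boundless_session', 'OLD', domain: 'www.boundless.dev') # issued before the change
  jar.set(new_key, 'NEW', domain: '.boundless.dev')                 # issued after the change
  jar.set(new_key, 'LOGGED_OUT', domain: '.boundless.dev')          # logout rewrites the session
  www = jar.header_for('www.boundless.dev')
  app = jar.header_for('app.boundless.dev') # constructed subdomain; the old cookie is out of scope there
  # Expire the old cookie with its original name and domain.
  jar.set('_boundless_session', '', domain: 'www.boundless.dev', expired: true)
  { www: www, read: first_value(www, new_key), app: app,
    after_cleanup: jar.header_for('www.boundless.dev') }
end

p simulate('_boundless_session'), simulate('_boundless_session_NEW')
```

With the unchanged key, the request to `www.boundless.dev` carries both cookies and the older one is read first, so the rewritten session is never seen; with `_boundless_session_NEW` the names no longer collide. The `app` result shows that the `.boundless.dev` cookie is sent to every subdomain, so each of them now handles the session.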
