Share session between two rails4 applications

Question

I am creating an application with devise. There are two domain names, 1) www.test.com and 2) www.hello.com, both pointing to the same application. So I want to share the session (current_user) between both apps: the user will log in on (1) and should be able to access domain (2).

Please suggest what's the best way to do it.

Recommended answer

The basic issue here is the way in which cookies work (which of course sessions depend on). A cookie has a domain attribute, and browsers only send cookies whose domain matches the request host (there's a little bit of subtlety in the meaning of a period at the start of the domain).

Furthermore, when setting a cookie, browsers will only accept a domain that is a parent domain of the current domain and which is not a public domain. For example, if you are receiving a response from www.example.com it can set cookies for www.example.com or example.com, but not .com (browsers have a list of which domain names shouldn't be allowed).

All this to say that if your two apps don't share a common parent (as is the case for you), then you can't share cookies and thus you can't share a Rails session.

There are many ways to deal with this; a simple one is known as the CAS (Central Authentication Service) protocol. The basic flow with this is:

  1. User goes to hello.com and tries to access some protected resource (e.g. /home)
  2. User is redirected to sso.example.com/service?=http://hello.com/home
  3. The user's identity is verified here as usual: the user either logs in, is recognised from a cookie, etc.
  4. The SSO service generates a ticket (an arbitrary token) and redirects the user to http://hello.com/home?ticket=ABC123
  5. The application at hello.com makes a (server-side) request back to the SSO server, passing the ticket
  6. The SSO server responds indicating whether the ticket is valid. If the ticket is valid it will also include some information about the user (e.g. email)
  7. hello.com sets a session cookie so that subsequent requests can skip steps 2-6

There are Ruby implementations of CAS (e.g. rubycas, which has both a CAS client and server) and devise strategies that use CAS. There are of course other ways you can do this, for example using OAuth, but CAS is somewhat simpler.
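As an added example (not code from the answer, and not rubycas), here is a minimal in-memory model of the seven steps above in Ruby. The `SsoServer` and `ServiceApp` classes are hypothetical stand-ins for sso.example.com and the app at hello.com, and the validator also applies the checks a CAS ticket is expected to pass but the answer leaves implicit: the ticket is random, single-use, bound to the service URL it was issued for, and short-lived.

```ruby
require "securerandom"
require "uri"

# Hypothetical SSO server (sso.example.com) holding tickets in memory.
class SsoServer
  TICKET_TTL = 60 # seconds a ticket stays valid

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @tickets = {} # ticket => { email:, service:, expires_at: }
  end

  # Step 2: where the app sends an unauthenticated user.
  def login_url(service)
    "https://sso.example.com/login?service=#{URI.encode_www_form_component(service)}"
  end

  # Steps 3-4: after the user is authenticated, mint a random ticket bound to
  # the service URL and build the redirect back to it.
  def issue_ticket(email, service)
    ticket = "ST-#{SecureRandom.urlsafe_base64(24)}"
    @tickets[ticket] = { email: email, service: service, expires_at: @clock.call + TICKET_TTL }
    "#{service}?ticket=#{ticket}"
  end

  # Steps 5-6: server-side validation. Deleting the entry makes the ticket
  # single-use; it must also match the service and not have expired.
  def validate(ticket, service)
    entry = @tickets.delete(ticket)
    return nil if entry.nil? || entry[:service] != service || @clock.call > entry[:expires_at]
    { email: entry[:email] }
  end
end

# Hypothetical app at hello.com. `session` models the Rails session hash.
class ServiceApp
  def initialize(sso, base_url)
    @sso, @base_url = sso, base_url
  end

  # Step 7 once a ticket validates: store the user in the local session so
  # later requests skip the SSO round trip. Otherwise redirect to SSO (step 2).
  def protected_request(path, session, params = {})
    return { status: 200, user: session[:email] } if session[:email]
    service = "#{@base_url}#{path}"
    user = params[:ticket] && @sso.validate(params[:ticket], service)
    return { status: 302, location: @sso.login_url(service) } unless user
    session[:email] = user[:email]
    { status: 200, user: user[:email] }
  end
end
```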
