在 Rails 3 中跨多个子域删除会话 Cookie [英] Delete Session Cookies Across Multiple Subdomains in Rails 3
问题描述
我正在构建一个与 Wufoo 类似的 rails 应用程序.当您注册时,您将获得一个子域,您可以在主页上登录.该应用程序正在运行,因此当您登录时,您会被重定向到您的子域.问题是我无法删除两个域上的会话.如果您在 (username.myapp.com) 上注销,它会在 (myapp.com) 上保持登录状态,反之亦然.
I'm building a rails app that works similar to Wufoo. When you sign up you get a subdomain, and you can log in on the home page. The app is working, so that when you log in, you get redirected to your subdomain. The problem is that I can't delete the session on both domains. If you log out at (username.myapp.com), it stays logged in at (myapp.com) and vice versa.
现在我使用 session[:user_id] = nil
来删除会话.有没有办法删除所有域中的所有会话.
Right now I'm using session[:user_id] = nil
to delete the session. Is there a way to delete all the sessions across all domains.
另外,我附加了 :domain =>:all
到我的 session_store.rb
文件,这样我就可以跨多个子域保持登录状态.
In addition, I appended :domain => :all
to my session_store.rb
file so I could stay logged in across multiple subdomains.
推荐答案
关键在于您如何设置会话 cookie,因为您无法从顶级域中删除子域 cookie (username.myapp.com)(myapp.com).要解决此问题,您需要将所有共享会话 cookie 设置在 myapp.com 域下.为此,请按以下方式设置会话:
The key is really how you set your session cookies, because you can't delete a subdomain cookie (username.myapp.com) from a top-level domain (myapp.com). To solve this you'll want all your shared session cookies to be set under the myapp.com domain. To do this, setup your sessions in the following way:
Rails.application.config.session_store :cookie_store, :domain => 'myapp.com'
那样,当您销毁会话 (session[:id] = nil
) 时,您将删除共享 cookie.我相信您还必须使用 session[:id] 而不是 session[:user_id] 来删除会话.
That way, when you destroy your session (session[:id] = nil
) you'll be removing the shared cookie. I believe you will also have to delete the session using session[:id] instead of session[:user_id].
这篇关于在 Rails 3 中跨多个子域删除会话 Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!