在 Rails 3 中跨多个子域删除会话 Cookie [英] Delete Session Cookies Across Multiple Subdomains in Rails 3

问题描述

我正在构建一个与 Wufoo 类似的 rails 应用程序.当您注册时，您将获得一个子域，您可以在主页上登录.该应用程序正在运行，因此当您登录时，您会被重定向到您的子域.问题是我无法删除两个域上的会话.如果您在 (username.myapp.com) 上注销，它会在 (myapp.com) 上保持登录状态，反之亦然.

I'm building a rails app that works similar to Wufoo. When you sign up you get a subdomain, and you can log in on the home page. The app is working, so that when you log in, you get redirected to your subdomain. The problem is that I can't delete the session on both domains. If you log out at (username.myapp.com), it stays logged in at (myapp.com) and vice versa.

现在我使用 session[:user_id] = nil 来删除会话.有没有办法删除所有域中的所有会话.

Right now I'm using session[:user_id] = nil to delete the session. Is there a way to delete all the sessions across all domains.

另外，我附加了 :domain =>:all 到我的 session_store.rb 文件，这样我就可以跨多个子域保持登录状态.

In addition, I appended :domain => :all to my session_store.rb file so I could stay logged in across multiple subdomains.

推荐答案

关键在于您如何设置会话 cookie，因为您无法从顶级域中删除子域 cookie (username.myapp.com)(myapp.com).要解决此问题，您需要将所有共享会话 cookie 设置在 myapp.com 域下.为此，请按以下方式设置会话:

The key is really how you set your session cookies, because you can't delete a subdomain cookie (username.myapp.com) from a top-level domain (myapp.com). To solve this you'll want all your shared session cookies to be set under the myapp.com domain. To do this, setup your sessions in the following way:

Rails.application.config.session_store :cookie_store, :domain => 'myapp.com'

那样，当您销毁会话 (session[:id] = nil) 时，您将删除共享 cookie.我相信您还必须使用 session[:id] 而不是 session[:user_id] 来删除会话.

That way, when you destroy your session (session[:id] = nil) you'll be removing the shared cookie. I believe you will also have to delete the session using session[:id] instead of session[:user_id].

这篇关于在 Rails 3 中跨多个子域删除会话 Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！