Rails 3 session_store domain :all 到底做了什么? [英] What does Rails 3 session_store domain :all really do?

问题描述

更新了问题以使其更清楚

我知道您可以将 session_store 的域设置为在子域之间共享会话，如下所示:Rails.application.config.session_store :cookie_store, :key =>'_my_key', :domain =>mydomain.com"

I understand that you can set the domain of your session_store to share sessions between subdomains like this: Rails.application.config.session_store :cookie_store, :key => '_my_key', :domain => "mydomain.com"

在 Rails 3 中，:domain => 的设置是什么?:all 做什么?它不能让您跨顶级域共享会话，cookie 不能这样做.文档说它假设一个顶级域.那么，如果多个域访问您的应用会发生什么情况?

in Rails 3, what does the setting :domain => :all do? It can't let you share sessions across top-level domains, cookies can't do that. The documentation says it assumes one top level domain. So what happens if multiple domains access your app?

在我的应用中，我的用户可以创建一个主域的个人子域，但也可以通过他们自己的自定义域访问该子域.

In my app, my users can create personal subdomains of one main domain, but then can also access that subdomain via their own custom domain.

什么是正确的 session_store 域设置，以便我可以:a) 在我的主域的所有域之间共享会话，例如mydomain.com"b) 通过像some.otherdomain.com"这样的 CNAME 自定义 url 访问他们的个人子域(例如user1.mydomain.com")的用户仍然可以创建单独的会话.

What is the correct session_store domain setting so that I can: a) share sessions across all domains of my primary domain, eg "mydomain.com" b) users who access their personal subdomain eg "user1.mydomain.com" via a CNAME custom url like "some.otherdomain.com" can still create separate sessions.

谢谢

推荐答案

好的，实现的方法是动态设置会话 cookie 上的域.为了尽早做到这一点，它应该作为机架中间件来完成:

OK, the way to accomplish this is to set the domain on the session cookie dynamically. To do this early enough it should be done as rack middleware:

# Custom Domain Cookie
#
# Set the cookie domain to the custom domain if it's present
class CustomDomainCookie
  def initialize(app, default_domain)
    @app = app
    @default_domain = default_domain
  end

  def call(env)
    host = env["HTTP_HOST"].split(':').first
    env["rack.session.options"][:domain] = custom_domain?(host) ? ".#{host}" : "#{@default_domain}"
    @app.call(env)
  end

  def custom_domain?(host)
    host !~ /#{@default_domain.sub(/^./, '')}/i
  end
end

这篇关于Rails 3 session_store domain :all 到底做了什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！