Rails - 401 Unauthorized 当我仅在生产中访问操作时 [英] Rails - 401 Unauthorized when I access action in Production only

问题描述

我使用的是 Ruby On Rails 3.0.9，在开发环境中一切正常.当我切换到 Production env 或将其上传到我们的服务器时，登录后我会被带回到同一个登录页面.当我查看日志时，可以看到以下内容:

I'm using Ruby On Rails 3.0.9 and everything works fine on Development env. When I switch to Production env, or I upload it to our server, after sign in I'm taken back to the same Login page. When I check the log, I can see the following:

Started POST "/users/login" for 127.0.0.1 at Thu Oct 03 16:48:13 -0300 2013
  Processing by UserSessionsController#create as HTML
  Parameters: {"user"=>{"password"=>"[FILTERED]", "login"=>"demo_admin"}, "utf8"=>"✓", "authenticity_token"=>"+7AEoVXZ9XiagEymVUnOhFHnck4rgDu883E/ySMlCxQ="}
Redirected to http://localhost:3000/admin
Completed 302 Found in 111ms


Started GET "/admin" for 127.0.0.1 at Thu Oct 03 16:48:13 -0300 2013
  Processing by Admin::DashboardController#index as HTML
Completed 401 Unauthorized in 1ms

我正在使用 authorization_rules 文件来管理访问权限，但正如我之前所说，我在 Dev env 上没有问题.

I'm using authorization_rules file in order to manage access, but I've got no problem on Dev env, as I said before.

如果我在 admin/dashboard#index 操作上放置一个断点，它不会被执行，因为它没有到达.它在 httpserver 文件处中断(我逐步调试了它)，但我不明白为什么它适用于 Dev 而不适用于 Prod 环境.

If I place a breakpoint at the admin/dashboard#index action, it won't be executed, as it's not reached. It breaks at httpserver file (I debugged it step by step), but I cannot understand why it works on Dev and not on Prod env.

请帮忙.

谢谢，布莱恩

更新

我忘了提到，在我的 ApplicationController 中，有一个名为 check_plan_features 的 before_filter，它首先询问的是 unless current_user.blank?#重定向到管理部分.

I forgor to mention that, in my ApplicationController, there's a before_filter called check_plan_features and the first thing it asks is unless current_user.blank? #redirects to Admin section.

我注意到在使用 Devise 登录后，current_user 具有用户的值，但是当重定向到管理部分后，它又回到了相同的过滤器，而这一次，current_user 为空.所以，我假设，在尝试访问管理部分后，用户的会话以某种方式被破坏.但是，由于这只发生在生产环境中，我仍然想知道可能是什么.

I've noticed that after signing in, using Devise, current_user has the user's value, but when after redirecting to the admin section, it comes back to the same filter, and this time, the current_user is null. So, I assume that, somehow, the user's session is destroyed after trying to access Admin section. But, as this only happens on production environment, I'm still wondering what could be.

推荐答案

我刚刚遇到了这个确切的问题(使用 rails 4 和 devise 3).

I just had this exact problem (using rails 4 and devise 3).

解决方案是在 config/initializers/session_store.rb 文件中添加域声明，如下所示:

The solution was to add a domain declaration to the config/initializers/session_store.rb file like this:

YourAppName::Application.config.session_store :cookie_store, key: '_your_session', domain: {
  production: 'production_domain',
  development: 'development_domain'
}.fetch(Rails.env.to_sym, :all)

尽管最初由于向应用程序添加子域而更改了这一点很重要.

Though it is important that this was changed initially due to adding sub-domains to the application.

这篇关于Rails - 401 Unauthorized 当我仅在生产中访问操作时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！