什么是Rails 3 session_store域：所有真的吗？ [英] What does Rails 3 session_store domain :all really do?

问题描述

更新问题以使其更清楚

我知道您可以将session_store的域设置为在子域之间共享会话： Rails.application.config.session_store：cookie_store，：key => '_my_key'，：domain => Rails 3中的mydomain.com

I understand that you can set the domain of your session_store to share sessions between subdomains like this: Rails.application.config.session_store :cookie_store, :key => '_my_key', :domain => "mydomain.com"

，：domain => ：all do？它不能让您在顶级域之间共享会话，Cookie不能这样做。文档说它假设一个顶级域。

in Rails 3, what does the setting :domain => :all do? It can't let you share sessions across top-level domains, cookies can't do that. The documentation says it assumes one top level domain. So what happens if multiple domains access your app?

在我的应用程式中，我的使用者可以建立一个主要网域的个人子网域，但也可以透过自己的网域存取该子网域自定义域。

In my app, my users can create personal subdomains of one main domain, but then can also access that subdomain via their own custom domain.

什么是正确的session_store域设置，以便我可以：
a）在我的主域的所有域中共享会话，例如mydomain.com
b）通过CNAME自定义网址（例如some.otherdomain.com）访问其个人子域（例如user1.mydomain.com）的用户仍可创建单独的会话。

What is the correct session_store domain setting so that I can: a) share sessions across all domains of my primary domain, eg "mydomain.com" b) users who access their personal subdomain eg "user1.mydomain.com" via a CNAME custom url like "some.otherdomain.com" can still create separate sessions.

感谢

推荐答案

确定，完成此操作的方法是动态设置会话cookie上的域。为了尽早做到这一点，它应该作为机架中间件：

OK, the way to accomplish this is to set the domain on the session cookie dynamically. To do this early enough it should be done as rack middleware:

# Custom Domain Cookie
#
# Set the cookie domain to the custom domain if it's present
class CustomDomainCookie
  def initialize(app, default_domain)
    @app = app
    @default_domain = default_domain
  end

  def call(env)
    host = env["HTTP_HOST"].split(':').first
    env["rack.session.options"][:domain] = custom_domain?(host) ? ".#{host}" : "#{@default_domain}"
    @app.call(env)
  end

  def custom_domain?(host)
    host !~ /#{@default_domain.sub(/^\./, '')}/i
  end
end

这篇关于什么是Rails 3 session_store域：所有真的吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！