设计在RoR3应用程序上与多个子域无法正常工作 [英] Devise not working well with multiple subdomains on RoR3 application

问题描述

我已经看到很多关于这个主题的问题，但是很多他们有矛盾的信息，并且由于某种原因它不适合我。

我有：

一个顶级域名：lvh.me（开发）。
每个用户都有子域：ie userdomain.lvh.me
登录表单位于顶级域名：lvh.me

我想：

• 如果用户登录，会话需要在所有子域之间共享。我的意思是，会话需要在lvh.me:3000/something和userdomain.lvh.me:3000中有效：


• 如果用户从lvh.me:3000/something注销应该工作，如果用户退出userdomain.lvh.me:3000它也应该工作。

• 在初始值设定中设定以下项目：

  
  
  

  MyApplication :: Application.config.session_store：cookie_store，：key =>'_mykey'，：domain =>：all

发生了什么？

我可以登录lvh.me:3000，我已正确地重定向到lvh.me:3000/internalpage如果我去subdomain.lvh.me:3000它工作伟大。我也可以从lvh.me:3000/internalpage 但注销，如果我尝试从subdomain.lvh.me:3000注销它不工作。在Devise SessionsController中的销毁动作被执行并且一切，但会话不会死。

---

根据 http://excid3.com/blog/sharing-a-devise-

这里的诀窍是：domain选项。这做的是设置TLD（顶级域）的级别
，并告诉Rails域的长度。
这里你要注意的部分是，如果你设置：domain =>
：all like是推荐在某些地方，它根本不工作，除非你使用
localhost。 ：所有默认为TLD长度为1，其中
意味着如果你使用Pow（myapp.dev）测试它将不能工作
因为这是一个长度为2的TLD。

所以，读完之后我也试过了：

MyApplication :: Application.config.session_store：cookie_store，：key =>'_mykey'，：domain =>'lvh.me'

发生了什么？ / strong>
我可以登录lvh.me:3000，我被正确地重定向到lvh.me:3000/internalpage，如果我去subdomain.lvh.me:3000它不工作，我没有会话。如果我回到lvh.me:3000/internalpage我的会话已经消失了。发生了什么？

---

还有什么？

然后，在阅读 rails 3.2子域和设计后，我更改了我的初始化行到

  MyApplication :: Application.config.session_store：cookie_store，：key => '_mykey'，：domain => '.lvh.me'
  

注意。之前的域名。
根据SO中的帖子：

这允许这个cookie通过子域访问，
应用程序保持它跨子域的会话。可能不是
100％你正在寻找，但它应该让你走在正确的
方向。

发生了什么？
没有，它没有工作。

---

我最后尝试了 Rails 3 session_store域：什么都是真的吗？，创建一个自定义类来处理cookie。但我没有运气。

当然，我在每次尝试之前删除了所有的cookies和临时文件。我也改变了cookie的名字。
任何帮助？谢谢！

解决方案

根据这个人： Rails：如何在多个子域中共享永久Cookie？您需要手动设置域吗？ Googling在它看起来像'。domainname.com'与开始的点是真正的方式去。

如果你继承 Devise :: SessionsController ，你可以手动设置它创建

  class SessionsController< Devise :: SessionsController 
 def create 
＃修改此处的cookie 
 super 
 end 
 end 
  

我正在设置一个工作示例来测试，我会后来发布，欢呼！

这里是我的编辑

忘记用创建的令牌回火。有问题的是，你需要令牌域设置为'.lvh.me'，这是所有它， domain：'.lvh.me' / code>只是不做任何事情。这里是我的概念证明，最终它归结为一个控制器内的一个变化：

  class HomeController< ApplicationController 
 def index 
 cookie [：_ cookietest_session] = {domain：'.lvh.me'} 
 end 
 end 
  pre> 
 
 
在Chrome中，令牌看起来像这样
 
 
 
  
 
 
 
而对于subdomain.lvh.me，lvh.me和任何其他子域我试过了。我可以从任何sign_in / sign_out和会话创建/销毁相应。
 
 
 
现在我不建议这样做，我喜欢中间件方法我认为如果正确设置它会工作正常。 
 
 
 
确定最后一件事
 
 
 
我回去尝试 domain：：all ，因为它真的应该按照你的预期工作。如果我访问lvh.me我得到一个cookie与.lvh.me但如果我到subdomain.lvh.me我得到一个读.subdomain.lvh.me 
 
 
 
  
 
I have seen a lot of questions about this topic, but a lot of them have contradictory information, and for some reason it didnt work for me.

I have:

a top level domain:  i.e. lvh.me (development).
each user has subdomains:  i.e. userdomain.lvh.me
The login form is in the top level domain: lvh.me 

I want:


If an user logs in, the session needs to be shared between all the subdomains. I mean, the session needs to be active in lvh.me:3000/something and userdomain.lvh.me:3000
If an user logs out from lvh.me:3000/something it should work, and if the user logs out from userdomain.lvh.me:3000 it should work also.


I tried


Setting in an initializer the following:

MyApplication::Application.config.session_store :cookie_store, :key => '_mykey', :domain => :all


What happened?

I can login in lvh.me:3000, I am correctly redirected to lvh.me:3000/internalpage and if I go to subdomain.lvh.me:3000 it works great. I can also logout from lvh.me:3000/internalpage BUT if I try to logout from subdomain.lvh.me:3000 it doesn't work. The destroy action in Devise SessionsController is executed and everything, but the session doesn't die.



According to http://excid3.com/blog/sharing-a-devise-user-session-across-subdomains-with-rails-3/, 

  
The trick here is the :domain option. What this does is sets the level
  of the TLD (top level domain) and tells Rails how long the domain is.
  The part you want to watch out for here is that if you set :domain =>
  :all like is recommend in some places, it simply won’t work unless
  you’re using localhost. :all defaults to a TLD length of 1, which
  means if you’re testing with Pow (myapp.dev) it won’t work either
  because that is a TLD of length 2.
So, after reading that I also tried

MyApplication::Application.config.session_store :cookie_store, :key => '_mykey', :domain => 'lvh.me'

What happened?
I can login in lvh.me:3000, I am correctly redirected to lvh.me:3000/internalpage and if I go to subdomain.lvh.me:3000 it doesn't work, i have no session there. If I go back to lvh.me:3000/internalpage my session has disappeared. What happened there?



What else?

Then, after reading rails 3.2 subdomains and devise I changed my initializer line to 
MyApplication::Application.config.session_store :cookie_store, :key => '_mykey', :domain => '.lvh.me'
Note the "." before the domain name.
According to the post in SO:

  
This allows this cookie to be accessible across subdomains and the
  application should maintain it's session across subdomains. May not be
  100% what you are looking for but it should get you going in the right
  direction.
What happened?
Nothing, it didn't work. Same behavior if compared with the last thing I tried.



I finally tried What does Rails 3 session_store domain :all really do?  , creating a custom class to handle the cookies. But I had no luck.

Of course that I deleted all the cookies and temp files before each attempt. Also I changed the name of the cookie.
Any help? Thanks!
解决方案
According to this guy here: Rails: how can I share permanent cookies across multiple subdomains? You need to set the domain manually? Googling around it looks like '.domainname.com' with the dot at the beginning really is the way to go.

If you inherit from Devise::SessionsController you can manually set it on create
class SessionsController < Devise::SessionsController
  def create
    # modify the cookie here
    super
  end
end
I am setting up a working example to test that out, I'll post back afterwards, cheers!

And here is my Edit

Forget tempering with the token on create. The problematic is this, you need to have the token domain set to '.lvh.me' that's all there is to it, but domain: '.lvh.me' just doesn't do anything. Here is my proof of concept and ultimately it boiled down to a single change inside a controller:
class HomeController < ApplicationController
  def index
    cookies[:_cookietest_session] = {domain: '.lvh.me'}
  end
end
In Chrome the token would look like this

 

And that for subdomain.lvh.me, lvh.me and any other subdomain I tried. I can sign_in/sign_out from any and the session is created/destroyed accordingly.

Now I wouldn't advise doing it the way I did, I liked the middleware approach I think it would work just fine if setup properly. Let me know if you need further help on this.

Cheers!

Ok last thing

I went back and tried domain: :all because it really ought to work as you have expected. If I access lvh.me I get a cookie with .lvh.me but if I got to subdomain.lvh.me I get one that reads .subdomain.lvh.me



                        
这篇关于设计在RoR3应用程序上与多个子域无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！