RAILS / DEVISE - 设置一个设计cookie,以保持不同的子域 [英] RAILS/DEVISE - Setting a devise cookie to persist across different subdomains
问题描述
- 用户登录到[ http://mydomain.com] 。
- 用户通过[ https://secure.mydomain.com]
- 用户返回到[ http://mydomain.com/action] 继续使用系统
我正在关注本教程: http://clearcove.ca/blog/2010/11/how-to-secure-a-rails-app-on-heroku-with-ssl-firesheep/
但是在我需要让Devise做这个authlogic的地方。帮帮我!! ;)
我可能有点迟到,但对于那些期待未来的人来说,这是一个相当简单的解决方案。将它添加到您的环境的配置文件中:
Rails3App :: Application.config.session_store:cookie_store,:key => '_rails3_app_session',:domain => :所有
#将Rails3App更改为您的rails应用程序的名称。
其中重要的部分是:domain =>:all,因为它告诉Rails允许子域为好。其他人建议使用:domain =>.mydomain.com,但是:domain =>:所有的工作都不需要您输入您的域名。
注意:如果在重新启动服务器时不起作用,则可能在初始化程序/文件夹中覆盖了一个session_store.rb文件。只需更改该文件中的行,或删除该文件并将其移动到您的配置。
此外,我必须将行专门放在我的production.rb文件中,因为在session_store.rb文件中更改它会打破我的会话进行开发(使用IP地址)。
I use devise for authentication and want the following to work:
- User logs in at [http://mydomain.com].
- The user makes a payment at [https://secure.mydomain.com]
- The user returns to [http://mydomain.com/action] to continue using the system
I am following this tutorial: http://clearcove.ca/blog/2010/11/how-to-secure-a-rails-app-on-heroku-with-ssl-firesheep/
but am at the part where I need to make Devise do what authlogic does here. Help!! ;)
I may be a little late to this, but for those looking in the future, it's a fairly easy solution. Add this to your environment's config file:
Rails3App::Application.config.session_store :cookie_store, :key => '_rails3_app_session', :domain => :all
# change "Rails3App" to the name of your rails app.
The important part of that is :domain => :all, since that tells Rails to allow subdomains as well. Others have suggested using :domain => ".mydomain.com", but :domain => :all does the job and doesn't require you to put in your domain name.
Note: if it doesn't work when you restart the server, you probably have a session_store.rb file in your initializers/ folder that is overriding it. Just change the line in that file, or remove that file and move it to your config.
Also, I had to specifically place the line in my production.rb file since changing it in the session_store.rb file broke my sessions for development (using the IP address).
这篇关于RAILS / DEVISE - 设置一个设计cookie,以保持不同的子域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!