轨道3.2子域和设计 [英] rails 3.2 subdomains and devise

问题描述

我有一个应用程序，用户可以登录到他们公司的子域。

I have an application where users can log in to their firms subdomain.

我使用devise。此代码将用户从根域重定向到子域。

I use devise. And this code redirects the user form the root domain to the subdomain.

def after_sign_in_path_for(resource_or_scope)
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  subdomain_name = current_user.firm.subdomain
  if current_subdomain.nil?
    # logout of root domain and login by token to subdomain
    token =  Devise.friendly_token
    current_user.loginable_token = token
    current_user.save
    sign_out(current_user)
    flash[:notice] = nil
    home_path = valid_user_url(token, :subdomain => subdomain_name)
    return home_path
  else
    if subdomain_name != current_subdomain.name
      # user not part of current_subdomain
      sign_out(current_user)
      flash[:notice] = nil
      flash[:alert] = "Sorry, invalid user or password for subdomain"
    end
  end
  super
end

它工作超级chrome，firefox，opera and safari，但它在IE9中不起作用。我没有收到任何错误信息。形成日志，我看到用户被窃取，当用户被重定向到他/她是未经授权的主页时。有人有什么想法吗？形成日志。

It works super in chrome, firefox, opera and safari, but it does not work in IE9. I do not get any error messages. Form the log i see that the user gets sigend in and when the user get redirected to the home page he/she is unauthorized. Has anyone an idea on what is going on? Form the log.

Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓",  
"authenticity_token"=>"JaffZi9f+Uyovuya8wR2u7LjG9w/3wdUDqTqONt/kFM=", 
"user"=>{"email
"=>"andreas@lizz.no", "password"=>"[FILTERED]", "remember_me"=>"0"}, 
"commit"=>"Sign in"}
User Load (0.0ms)  SELECT "users".* FROM "users" WHERE 
"users"."email" = ''whatever@atlatis.at' LIMIT 1
(0.0ms)  begin transaction
(1.0ms)  UPDATE "users" SET 
"last_sign_in_at" = '2012-03-02 20:46:06.658370', 
"current_sign_in_at" = '2012-03-
02 20:56:29.481286', "sign_in_count" = 41, 
"updated_at" = '2012-03-02 20:56:29.482286' WHERE "users"."id" = 1
[paperclip] Saving attachments.
(62.0ms)  commit transaction
Firm Load (0.0ms)  SELECT "firms".* FROM "firms" WHERE "firms"."id" = 1 LIMIT 1
Firm Load (0.0ms)  SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
CACHE (0.0ms)  SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
Redirected to http://den.lvh.me:3000/
Completed 302 Found in 182ms (ActiveRecord: 0.0ms)


Started GET "/" for 127.0.0.1 at 2012-03-02 21:56:29 +0100
Processing by PrivateController#statistics as HTML
Firm Load (0.0ms)  SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
Completed 401 Unauthorized in 2ms


Started GET "/users/sign_in" for 127.0.0.1 at 2012-03-02 21:56:29 +0100
Processing by SessionsController#new as HTML
Rendered devise/_links.erb (2.0ms)
Rendered devise/sessions/new.html.erb within layouts/registration (13.0ms)
Completed 200 OK in 27ms (Views: 26.0ms | ActiveRecord: 0.0ms)

推荐答案

如果你跨越子域将会话cookie更改为跨域名可能会更好。

If you are going across subdomain it may be better to simply change your session cookie to be cross-domain.

在初始化程序中编辑session-store.rb文件将执行此操作。

Editing the session-store.rb file in initializers does this.

Babyreveal::Application.config.session_store :cookie_store,
key: '_babyreveal_session',
:domain => ".mybabyreveal.com"

注意。域名上的前缀。这允许这个cookie可以跨子域访问，并且应用程序应该保持跨子域的会话。可能不是100％你正在寻找，但它应该让你走正确的方向。

Notice the . prefix on the domain attribtue. This allows this cookie to be accessible across subdomains and the application should maintain it's session across subdomains. May not be 100% what you are looking for but it should get you going in the right direction.

这篇关于轨道3.2子域和设计的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！