Rails - Multiple top level domains and a single session/cookie


Problem description

I've been struggling with this for quite a while and haven't been able to find a solution. I need a user to be able to view multiple top level domains with a single login.

My understanding is that this needs to be set in environment.rb and called with before_dispatch. This is what I've come up with:

require 'activesupport'
require 'dispatcher'
module ActionController
   class Dispatcher

      def set_session_domain
         ActionController::Base.session_options.update :session_domain => "#{@request.host}"
      end 

      before_dispatch :set_session_domain
   end
end

However, this does not seem to be working when I try and pull the values from session[:session_domain].

Any help is greatly appreciated.

Solution

This one is a bit tricky. Since cookies can only be assigned to (and retrieved from) the current domain ("forms.example.com", say) and parent domains (".example.com", but not ".com"), but NOT to other domains ("othersite.com"), you'll have to find yourself another solution. This has nothing to do with Rails, but with how cookies work.

EDIT: Sessions rely on a client-specific handle, stored in a cookie, which is why sessions also don't work cross-domain.

This site has one possible solution for creating a cross-domain cookie, and it's the cleanest way I know of, although it may have some security implications. A more complicated version would have the servers communicate directly through some secure channel.

If you're looking for a more general-purpose single-login service, try implementing some form of OpenID.
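
The cookie scoping rule described in the answer, written out as an added example (not part of the original question or answer). It is a simplified model of the RFC 6265 domain rules; the function names and the small PUBLIC_SUFFIXES list are assumptions made for illustration, and the hosts are the ones used in the answer.

```ruby
# Added example: simplified browser cookie-domain rules (RFC 6265).
# PUBLIC_SUFFIXES is a constructed, tiny stand-in for the real Public Suffix List.
PUBLIC_SUFFIXES = %w[com org net co.uk].freeze

def ip_literal?(host)
  host.include?(':') || host.match?(/\A\d{1,3}(\.\d{1,3}){3}\z/)
end

# RFC 6265 5.1.3: the host is the domain itself, or a subdomain of it.
def domain_match?(host, domain)
  host = host.downcase
  domain = domain.downcase
  return true if host == domain
  !ip_literal?(host) && host.end_with?(".#{domain}")
end

# How a browser stores a cookie that origin_host sets with an optional Domain
# attribute. Returns nil if the cookie is rejected.
def store_cookie(origin_host, domain_attr = nil)
  host = origin_host.downcase
  return { domain: host, host_only: true } if domain_attr.nil? || domain_attr.empty?
  domain = domain_attr.downcase.sub(/\A\./, '')          # leading dot is ignored
  # Simplification: a real browser keeps the cookie host-only when the host
  # itself is the public suffix; here it is always rejected.
  return nil if PUBLIC_SUFFIXES.include?(domain)
  return nil unless domain_match?(host, domain)          # foreign domain
  { domain: domain, host_only: false }
end

# Would the stored cookie be attached to a request for request_host?
def sent_to?(cookie, request_host)
  return false if cookie.nil?
  return request_host.downcase == cookie[:domain] if cookie[:host_only]
  domain_match?(request_host, cookie[:domain])
end

if __FILE__ == $PROGRAM_NAME
  [nil, '.example.com', '.com', 'othersite.com'].each do |attr|
    cookie = store_cookie('forms.example.com', attr)
    targets = %w[forms.example.com www.example.com othersite.com]
    puts "Domain=#{attr.inspect}: stored=#{!cookie.nil?}, sent to #{targets.select { |h| sent_to?(cookie, h) }}"
  end
end
```

Setting the session domain to the request host, as in the question, produces a cookie scoped to that one site, so each top level domain ends up with its own separate session.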
