Omniauth+Facebook lost session

Problem description

In a recent project, Facebook users can log in using their Facebook UID to upload picture submissions based on file uploads or uploads from their personal albums etc.

Everything works quite nice on my local system in the development environment. Login via Facebook, Logout, Upload - all great.

In production, though, I'm facing an unknown and hard to debug problem. It seems that every once in a while (actually reproducible when uploading a new Submission to the system) the session is lost, the picture is NOT uploaded and the Facebook user is logged out (!).

I'm using devise and omniauth. Omniauth is integrated into Devise.

Following is all the code that touches Devise/Omniauth or the User.

app/models/user.rb

class User < ActiveRecord::Base
  devise :omniauthable, :rememberable, :omniauth_providers => [:facebook]

  def self.create_with_omniauth(auth)
    u = User.find_by_uid(auth["uid"])
    return u unless u.nil?

    create! do |user|
      user.provider = auth["provider"]
      user.uid = auth["uid"]
      user.name = auth["user_info"]["name"]
      user.email = auth['user_info']['email']
    end
  end

  def after_signin_path
    '/competition'
  end
end

The database contains all the fields needed for :rememberable, I hope.

app/controllers/users/omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def facebook
    # You need to implement the method below in your model
    @user = User.create_with_omniauth(env["omniauth.auth"])

    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
      @user.update_attributes!(:current_auth_token => env["omniauth.auth"]['credentials']['token'], :last_language => I18n.locale.to_s, :updated_at => Time.now, :remember_created_at => Time.now)

      sign_in_and_redirect(:user, @user)    
    else
      redirect_to '/competition'
    end
  end

protected
  def after_omniauth_failure_path_for resource
    '/competition'
  end
end

config/initializers/devise.rb

OmniAuth.config.full_host = "http://#{APP_CONFIG[:domain]}"

Devise.setup do |config|
  config.mailer_sender = "devise@myapp.host.com"

  require 'devise/orm/active_record'

  config.stretches = 10

  config.encryptor = :bcrypt
  config.timeout_in = 3.days

  config.pepper = "2a4b8b2ed9e12e553a7a542176f2ace1af62c062f3ba203a590b8b6307f33042b394922807a840004a3dcdf1c4e97ae085fe2c29654ddaeab7c60f431a8078abb"

  config.omniauth :facebook, APP_CONFIG[:facebook_app_id], APP_CONFIG[:facebook_app_secret], {
    :scope => "email,user_photos,user_photos,publish_stream,offline_access",
    :client_options => {
      :ssl => {
        :ca_file => "/etc/pki/tls/certs/ca-bundle.crt"
      }
    }
  }
end

There are no auth-related methods in application_controller.rb.

routes.rb

The interesting part is below:

  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }

  match '/logout_fb' => 'start#logoutfb'

  authenticate :user do
    get '/users/connect/:network', :to => redirect("/users/auth/%{network}")
  end

Somehow I can't make sense of the authenticate block, which according to another post should be helpful... Any ideas on this?

So many theories: One is that the facebook function in the omniauth_callbacks_controller runs aside of the users' session, and hence sign_in_and_redirect won't work. So I had the idea of redirecting to another page like '/auth?uid=xxx', but this sounds wrong, insecure and not stable.

Any help or hints are appreciated!

Recommended answer

A bit of a long shot but try turning off protect_from_forgery - I had some issues with sessions disappearing and it turned out to be the issue discussed here https://github.com/intridea/omniauth/issues/203
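
Why a failed CSRF check looks like a lost session, as an added example that is not part of the original answer and not Rails source code: since Rails 3.0.4, a non-GET request that fails the protect_from_forgery token check has its session reset instead of raising an error, and the Devise login stored in that session goes with it. The class and helper names are hypothetical and the session contents are constructed; the last helper shows that sending the token with the upload keeps the login while leaving the check enabled.

```ruby
require 'securerandom'

# Simplified model (not Rails source) of protect_from_forgery since Rails 3.0.4:
# an unverified non-GET request gets its session reset instead of an exception.
class ForgeryCheck
  SAFE_METHODS = %w[GET HEAD].freeze

  # Token the server stores in the session and embeds in rendered forms.
  def self.issue_token(session)
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Constant-time comparison so the check does not leak token bytes via timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the session the controller action will see for this request.
  def self.call(session, http_method, params = {}, headers = {})
    return session if SAFE_METHODS.include?(http_method)
    sent = params['authenticity_token'] || headers['X-CSRF-Token']
    expected = session[:_csrf_token]
    return session if sent && expected && secure_compare(sent, expected)
    {} # reset_session: the Devise/Warden login stored in the session is gone too
  end
end

# Constructed sample: a session as it might look after sign_in_and_redirect.
def signed_in_session
  session = { 'warden.user.user.key' => ['User', [42]] }
  ForgeryCheck.issue_token(session)
  session
end

# Upload POST from a client that builds its own request and never adds the token.
def upload_without_token
  ForgeryCheck.call(signed_in_session, 'POST', { 'picture' => 'cat.jpg' })
end

# Same upload with the token from the page, sent as a form parameter or,
# for Ajax uploads, in the X-CSRF-Token header.
def upload_with_token(via_header: false)
  s = signed_in_session
  token = { (via_header ? 'X-CSRF-Token' : 'authenticity_token') => s[:_csrf_token] }
  params = { 'picture' => 'cat.jpg' }
  via_header ? ForgeryCheck.call(s, 'POST', params, token) : ForgeryCheck.call(s, 'POST', params.merge(token))
end
```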
