How to make Authlogic sessions work for all subdomains

Developer https://www.devze.com 2023-01-05 16:33 Source: Internet
When a user logs into my site at example.com, I want him to be logged in when he visits something.example.com. How can I accomplish this? (I'm using subdomain-fu if relevant)


Well, you can; just add the following lines to /etc/hosts after "127.0.0.1 localhost"

127.0.0.1 localhost.com
127.0.0.1 sub.localhost.com

Then edit your environments/development.rb and add

config.action_controller.session = { :domain => '.localhost.com' }

From now on, use http://localhost.com:3000, or the same with a subdomain, to access your app locally.

[update] oops, it was the answer to Horace Loeb


For Rails3 the code above will raise NoMethodError:

undefined method `session=' for ActionController::Base:Class

So, for Rails3 you should not change your environment config but should set your app/config/initializers/session_store.rb to look like:

YourAppName::Application.config.session_store :active_record_store,
    {:key => '_your_namespace_session', :domain => '.yourdomain.com'}

Also, after changing the initializer you'll need to restart the web server in order to apply it.

Note that users who were logged in before the code update won't be able to log out after that, because the default logout action, which looks something like:

def destroy
  current_user_session.destroy
  flash[:notice] = "You have been logged out"
  redirect_to root_path
end

is not sufficient: it doesn't delete the user_credentials cookie set for the non-wildcard domain yourdomain.com by default. So you should add cookies.delete :user_credentials to the destroy action so that it looks like this:

def destroy
  current_user_session.destroy
  cookies.delete :user_credentials
  flash[:notice] = "You have been logged out"
  redirect_to root_path
end

And that's odd, but it should be added after destroying the user session, despite cookies[:user_credentials].is_nil? == true at this point. There is also a problem: after a user logs out and then logs in, having cookies.delete :user_credentials in the destroy action also makes users unable to log out, and it should be removed. Does anybody have a solution for this?

Update. Finally I came up with this: I added a boolean flag to the User model via a migration:

class AddReloginedToUsers < ActiveRecord::Migration
  def change
    add_column :users, :relogined, :boolean, :default => false
  end
end

and changed the destroy action this way:

def destroy
  current_user_session.destroy
  # One-time cleanup of the old cookie, tracked by the relogined flag
  if !current_user.relogined
    current_user.relogined = true
    current_user.save
    cookies.delete(:user_credentials)
  end
  # Clear the remaining Rails session data
  reset_session
  flash[:notice] = "You have been logged out"
  redirect_to root_path
end

Now everything works as expected although that's not a very beautiful solution. I'll be glad if anyone provides something smarter.
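
The logout behaviour described in the answer above is consistent with how browsers store cookies: a host-only cookie and a Domain=.yourdomain.com cookie of the same name are separate entries, and a deletion removes only the entry whose scope it names. The Ruby sketch below is an added example, not part of the original answers; CookieJar is a hypothetical, simplified model of browser cookie storage (paths omitted), not Rails or Authlogic code.

```ruby
# Simplified model of a browser cookie store (constructed for illustration).
# Entries are keyed by name + domain + host-only flag; paths are omitted.
class CookieJar
  Cookie = Struct.new(:name, :value, :domain, :host_only)

  def initialize
    @cookies = []
  end

  # Apply a Set-Cookie from request_host. domain: nil means a host-only cookie.
  # value: nil models the expired cookie that a delete sends.
  def set(request_host, name, value, domain: nil)
    host_only = domain.nil?
    dom = (domain || request_host).sub(/\A\./, "")
    return unless domain_match?(request_host, dom) # foreign domains are rejected
    @cookies.reject! { |c| [c.name, c.domain, c.host_only] == [name, dom, host_only] }
    @cookies << Cookie.new(name, value, dom, host_only) unless value.nil?
  end

  # Values of the named cookie that the browser attaches to a request for host.
  def sent_to(host, name)
    @cookies.select do |c|
      c.name == name && (c.host_only ? c.domain == host : domain_match?(host, c.domain))
    end.map(&:value)
  end

  private

  def domain_match?(host, dom)
    host == dom || host.end_with?(".#{dom}")
  end
end

# Walk through the states described above, using the page's placeholder domain.
def logout_walkthrough
  jar = CookieJar.new
  out = {}
  jar.set("yourdomain.com", "user_credentials", "old")             # before the change
  jar.set("yourdomain.com", "user_credentials", nil, domain: ".yourdomain.com")
  out[:after_scoped_delete] = jar.sent_to("yourdomain.com", "user_credentials")
  jar.set("yourdomain.com", "user_credentials", nil)               # unscoped delete
  out[:after_unscoped_delete] = jar.sent_to("yourdomain.com", "user_credentials")
  jar.set("yourdomain.com", "user_credentials", "new", domain: ".yourdomain.com")
  jar.set("yourdomain.com", "user_credentials", nil)               # wrong scope now
  out[:relogin_then_unscoped] = jar.sent_to("yourdomain.com", "user_credentials")
  out[:seen_by_subdomain] = jar.sent_to("something.yourdomain.com", "user_credentials")
  out
end
```

Because a Domain=.yourdomain.com cookie is sent to every subdomain, every host under that domain receives the session and credentials cookies, so the wildcard scope is only appropriate when all of those hosts are trusted.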


The fix is to add this to production.rb:

if config.action_controller.session
  config.action_controller.session[:domain] = '.your-site.com'
else
  config.action_controller.session = { :domain => '.your-site.com' }
end

I still can't get it to work in development with localhost:3000, but whatever
