Copying cookies from main domain to subdomain

开发者 https://www.devze.com 2023-01-06 00:07 Source: web
My application has a userspace which used to be accessed by a url like domain.com/~username, but I am in the process of converting that to using subdomains instead (username.domain.com). However, I am running into an issue that I'm hoping someone might have an idea of how to get around.

Currently, visitors to a user's site get a cookie of the form user<id>_authentication (where <id> is the user ID of the site they're visiting), which is set to have the domain www.domain.com. However, now that I'm switching to subdomains, I want to find those cookies and transfer them to a new cookie called authentication per subdomain, using the subdomain as the cookie domain. However, the Rails cookies array does not find the main domain cookies.

I know that if the old cookies were using .domain.com as the domain instead, they'd apply to the subdomain and would be present in cookies, but these cookies are already existing, and I'm trying to make the change as seamless for a user as possible -- so if they had an authentication cookie already for a site, I want them to not have to reauthenticate if at all possible.

Is there any way I can get the cookies from the main domain or does anyone have another suggestion of how I can transfer the cookies?

Update: Sorry, I didn't make it clear before, the cookie is only set if the visitor actively authenticates themselves by submitting a form on the user's site.


If you change the cookie domain to be more permissive (applying to more subdomains), you have no way to read the old, more restricted cookies except from the top level domain that used to work.

You will have to read the cookie, authenticate, and then write a new more permissive cookie before the cookie can be read by the subdomain.

You can roll out your migration logic in advance of the feature and hope you get most people. The rest will have to re-authenticate manually.


Personally, I think they should have to re-authenticate. It will only happen once, then they'll have the new ".domain.com" cookie.

But... One way to achieve this would be to check for the new cookie and when failing to find it, redirect to a new page on the main domain, providing the return url.

In that new page, check for the old style cookie, set the new style cookie, and redirect to the original URL. If they don't have the old style cookie, redirect to the login area.

Hope this helps.
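
The redirect flow from the answer above, sketched in plain Ruby as an added example (not code from the original posts): the bridge runs on www.domain.com, where the old host-only cookie is still visible, and re-issues it with Domain=domain.com. The SITE_IDS mapping, the /login path, the validity callable and the return_to parameter are assumptions; return_to is checked against known user subdomains so the bridge cannot be used as an open redirect.

```ruby
require "uri"

BASE_DOMAIN = "domain.com"               # domain used in the question
SITE_IDS    = { "alice" => 42 }.freeze   # constructed sample: subdomain => user ID
FALLBACK    = "https://www.#{BASE_DOMAIN}/"

# Returns the user subdomain named in return_to, or nil unless it is an
# https URL whose host is exactly <known user>.domain.com.
def site_for(return_to)
  uri = URI.parse(return_to.to_s)
  return nil unless uri.is_a?(URI::HTTPS) && uri.host
  name, rest = uri.host.downcase.split(".", 2)
  rest == BASE_DOMAIN && SITE_IDS.key?(name) ? name : nil
rescue URI::InvalidURIError
  nil
end

# Bridge endpoint on www.domain.com (hypothetical helper).
# cookies: name => value as sent by the browser.
# valid:   callable (user_id, token) that checks the old token server-side.
def bridge(cookies, return_to, valid)
  site = site_for(return_to)
  return { location: FALLBACK, set_cookie: nil } unless site

  name  = "user#{SITE_IDS[site]}_authentication"
  token = cookies[name]
  unless token && valid.call(SITE_IDS[site], token)
    # No usable old cookie: send the visitor to the site's login area.
    return { location: "https://#{site}.#{BASE_DOMAIN}/login", set_cookie: nil }
  end

  # Domain= widens the scope so username.domain.com receives the cookie.
  cookie = "#{name}=#{token}; Domain=#{BASE_DOMAIN}; Path=/; Secure; HttpOnly; SameSite=Lax"
  { location: return_to, set_cookie: cookie }
end
```

A cookie scoped to domain.com is sent to every user subdomain, so the receiving site can copy it into a host-only authentication cookie and the wide one can be kept short-lived.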
