检测用户是否在不同的域中登录
[英]detecting if user is logged in at different domain
问题描述
I'm developing a rails app that creates a widget that you can put on your website. 
我正在开发一个rails应用程序,它可以创建一个可以放在网站上的小部件。 When the widget is displayed (on a website with a different host) to a user who is logged in my app, I would like to display him some additional admin options. 当窗口小部件(在具有不同主机的网站上)显示给登录我的应用程序的用户时,我想向他显示一些其他管理选项。
What would be the best and easiest way to figure out if the user is logged in the app? 什么是最好和最简单的方法来确定用户是否登录了应用程序?
I was thinking of storing the IP when user logs in, and then compare the IP from the request that is sent to the widget controller. 我想在用户登录时存储IP,然后比较发送到窗口小部件控制器的请求中的IP。
2 个解决方案
解决方案1
2 2013-09-20 00:50:27
IP could be deceptive. 知识产权可能具有欺骗性。 Try cookies. 试试饼干。
Edit: not only in an actively deceptive manner (ie spoofing/Tor) but rather if two people are on separate sites from the same public IP, then you have a false correlation. 编辑:不仅是以一种积极欺骗的方式(即欺骗/ Tor),而是如果两个人在同一公共IP的不同站点上,那么你就会产生错误的相关性。
解决方案2
2 已采纳 2013-09-20 01:02:42
I followed the Omniauth Railscast Episode and have been using session variables and a SessionsController to create and destroy sessions when the user logs in and out. 我关注了Omniauth Railscast Episode,并且在用户登录和注销时使用会话变量和SessionsController来创建和销毁会话。
class SessionsController < ApplicationController
def create
# create user if new user, or find user account if returning user.
session[:user_id] = user.id
redirect_to root_url # or wherever
end
def destroy
session[:user_id] = nil
redirect_to root_url # or wherever
end
end
Then in the Application Controller, 然后在应用程序控制器中
class ApplicationController < ActionController::Base
def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end
end
You can then easily determine if a user is logged in or not via if current_user , or equivalently, if session[:user_id] is nil. 然后,您可以轻松确定用户是否通过if current_user登录,或等效地,如果session[:user_id]为nil。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.