RAILS / DEVISE - 设置一个设计cookie,以便在不同的子域中保持不变
[英]RAILS/DEVISE - Setting a devise cookie to persist across different subdomains
问题描述
I use devise for authentication and want the following to work: 
我使用设计进行身份验证,并希望以下工作:
- User logs in at [ http://mydomain.com] . 用户登录[ http://mydomain.com] 。
- The user makes a payment at [ https://secure.mydomain.com] 用户通过[ https://secure.mydomain.com]付款
- The user returns to [ http://mydomain.com/action] to continue using the system 用户返回[ http://mydomain.com/action]继续使用系统
I am following this tutorial: http://clearcove.ca/blog/2010/11/how-to-secure-a-rails-app-on-heroku-with-ssl-firesheep/ 我正在关注本教程: http : //clearcove.ca/blog/2010/11/how-to-secure-a-rails-app-on-heroku-with-ssl-firesheep/
but am at the part where I need to make Devise do what authlogic does here. 但我正处于需要让Devise做authlogic在这里做的部分。 Help!! 救命!! ;) ;)
2 个解决方案
解决方案1
21 2011-03-21 17:56:17
I may be a little late to this, but for those looking in the future, it's a fairly easy solution. 我可能会迟到一点,但对于那些展望未来的人来说,这是一个相当简单的解决方案。 Add this to your environment's config file: 将其添加到您环境的配置文件中:
Rails3App::Application.config.session_store :cookie_store, :key => '_rails3_app_session', :domain => :all
# change "Rails3App" to the name of your rails app.
The important part of that is :domain => :all, since that tells Rails to allow subdomains as well. 其中重要的部分是:domain =>:all,因为它告诉Rails也允许子域。 Others have suggested using :domain => ".mydomain.com", but :domain => :all does the job and doesn't require you to put in your domain name. 其他人建议使用:domain =>“。mydomain.com”,但是:domain =>:all完成工作,不要求你输入你的域名。
Note: if it doesn't work when you restart the server, you probably have a session_store.rb file in your initializers/ folder that is overriding it. 注意:如果在重新启动服务器时它不起作用,则初始化程序/文件夹中的session_store.rb文件可能会覆盖它。 Just change the line in that file, or remove that file and move it to your config. 只需更改该文件中的行,或删除该文件并将其移动到您的配置。
Also, I had to specifically place the line in my production.rb file since changing it in the session_store.rb file broke my sessions for development (using the IP address). 此外,我必须专门将该行放在我的production.rb文件中,因为在session_store.rb文件中更改它会破坏我的会话以进行开发(使用IP地址)。
解决方案2
7 2012-09-11 11:48:20
Addendum: if it still doesn't work although you're pretty sure you deleted your old cookies, rename the cookie's key – just to make sure. 附录:如果它仍然不起作用,虽然你很确定你删除了旧的cookie, 重命名cookie的密钥 - 只是为了确保。 (after hours of troubleshooting, this was all I really had to do to make it work.) (经过几个小时的故障排除后,这就是我真正需要做的就是让它工作。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.