[英]Is there a way to specify subdomains that a cookie should be saved to? (rather than one, or all)
I got my session variables being saved to all subdomains on my site via this: 我通过以下方式将会话变量保存到网站上的所有子域中:
Site::Application.config.session_store(
:cookie_store,
:key => '_site_session',
:domain => Settings.domain,
# :secure => (Rails.env.production? || Rails.env.staging?),
:http_only => true)
where Settings.domain = '.site.com' 其中Settings.domain ='.site.com'
However, the way my site is setup, each account has their own subdomain. 但是,按照我的网站设置方式,每个帐户都有自己的子域。 So this caused a big error since when someone logged in, they could enter any other subdomain and have access to that account (not all information, but some..weird).
因此,这引起了一个大错误,因为当某人登录时,他们可以进入任何其他子域并可以访问该帐户(不是所有信息,而是..weird)。
So, what I want to do is allow people to share session variables with public subdomains (signin.site.com and signup.site.com) as well as their own personal subdomain (account1.site.com). 因此,我想做的是允许人们与公共子域(signin.site.com和signup.site.com)以及他们自己的个人子域(account1.site.com)共享会话变量。 However, those are the only ones that should be able to share it.
但是,这些是唯一应该能够共享的内容。 Is there a way to specify that?
有没有办法指定?
I'm assuming you handle logins on a subdomain like signin.site.com . 我假设您处理诸如signin.site.com之类的子域上的登录。 It's not allowed to set the cookie for *.site.com then.
然后,不允许为* .site.com设置cookie。
Handling the authentication and setting the cookie from http://site.com should solve the problem. 从http://site.com处理身份验证并设置cookie可以解决此问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.