Keeping user authenticated when switching to HTTPS page - Devise & Heroku
Question
I have a rails app hosted on Heroku which uses a custom domain and no SSL, but on the checkout page I want to use the Heroku URL instead which already has SSL configured.
So for example, a user is on http://www.example.com and is logged in already and then clicks the checkout link which goes to https://example.herokuapp.com/checkout .
The issue is that once the user visits the 2nd URL they get redirected as the app thinks they are no longer logged in. Is there a way to keep the user logged in when switching between these pages?
1 answers
solution1
0 ACCPTED 2015-10-13 10:18:29
You cannot do that with the herokuapp.com subdomain.
That domain is listed by browsers in their public suffix list: https://devcenter.heroku.com/articles/cookies-and-herokuapp-com
That means you cannot use a cookie which will set *.herokuapp.com , even less *.com .
The only you can do this is by using your custom domain, or the herokuapp.com subdomain all the time.
If the reason you're not using SSL on your custom domain is the price, you could be interested by CloudFlare's SSL offering and proxy requests to your app through them: https://www.cloudflare.com/ssl
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.