How to make Authlogic sessions work for all subdomains
When a user logs into my site at example.com, I want him to be logged in when he visits something.example.com. How can I accomplish this? (I'm using subdomain-fu if relevant)
Well, you can. Just add the following lines to /etc/hosts after "127.0.0.1 localhost":
127.0.0.1 localhost.com
127.0.0.1 sub.localhost.com
Then edit your environments/development.rb and add
config.action_controller.session = { :domain => '.localhost.com' }
From now on use http://localhost.com:3000 or the same but with sub-domain to access your app locally.
[update] oops, it was the answer to Horace Loeb
For Rails3 the code above will raise NoMethodError:
undefined method `session=' for ActionController::Base:Class
So, for Rails3 you should not change your environment config but should set your app/config/initializers/session_store.rb to look like:
YourAppName::Application.config.session_store :active_record_store,
  {:key => '_your_namespace_session', :domain => '.yourdomain.com'}
Also, after changing the initializer you'll need to restart the web server in order to apply the initializer.
Note that users who were logged in before the code update won't be able to log out after that, because the default logout action, which looks something like:
def destroy
  current_user_session.destroy
  flash[:notice] = "You have been logged out"
  redirect_to root_path
end
is not sufficient - it doesn't delete the user_credentials cookie set for a non-wildcard domain yourdomain.com by default. So you should add cookies.delete :user_credentials to the destroy action so it will look like this:
def destroy
  current_user_session.destroy
  cookies.delete :user_credentials
  flash[:notice] = "You have been logged out"
  redirect_to root_path
end
And that's odd, but it should be added after destroying the user session despite cookies[:user_credentials].nil? == true at this point. Also there is a problem: after a user logs out and then logs in, having cookies.delete :user_credentials in the destroy action also makes users unable to log out, and it should be removed. Does anybody have a solution for this?
Update. Finally I came up with this - I added a boolean flag to the User model via a migration:
class AddReloginedToUsers < ActiveRecord::Migration
  def change
    add_column :users, :relogined, :boolean, :default => false
  end
end
and changed the destroy action this way:
def destroy
  current_user_session.destroy
  # Delete the old host-only cookie only once per user, tracked by the flag
  if !current_user.relogined
    current_user.relogined = true
    current_user.save
    cookies.delete(:user_credentials)
  end
  # This assigns a local variable only; it does not clear the Rails session
  session = nil
  flash[:notice] = "You have been logged out"
  redirect_to root_path
end
Now everything works as expected although that's not a very beautiful solution. I'll be glad if anyone provides something smarter.
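Added example (not part of the original answers): a simplified Ruby model of a browser cookie jar, showing that a host-only user_credentials cookie and one scoped to .yourdomain.com are stored as separate entries, so a delete must carry the same domain scope as the copy it targets. The CookieJar class, the token values and stale_cookie_scenario are constructed for illustration.

```ruby
# Added example: simplified browser cookie jar (constructed hosts and values).
# Path, expiry, Secure and HttpOnly are left out to keep the scoping rule visible.
class CookieJar
  Cookie = Struct.new(:name, :value, :domain, :host_only)

  def initialize
    @cookies = []
  end

  # Apply a Set-Cookie from `host`. `domain` nil => host-only cookie.
  # `value` nil models a deletion (empty value, expiry in the past).
  def set(host, name, value, domain = nil)
    dom = (domain || host).sub(/\A\./, "")
    host_only = domain.nil?
    # Only the entry with the same name AND the same scope is replaced or removed.
    @cookies.reject! { |c| c.name == name && c.domain == dom && c.host_only == host_only }
    @cookies << Cookie.new(name, value, dom, host_only) unless value.nil?
  end

  # Values of cookie `name` the browser would attach to a request for `host`.
  def sent_to(host, name)
    @cookies.select { |c|
      c.name == name &&
        (host == c.domain || (!c.host_only && host.end_with?(".#{c.domain}")))
    }.map(&:value)
  end
end

# Scenario from the answer: login before the config change, logout after it.
def stale_cookie_scenario
  jar = CookieJar.new
  jar.set("yourdomain.com", "user_credentials", "old-token")                    # host-only, pre-change
  jar.set("yourdomain.com", "user_credentials", "new-token", ".yourdomain.com") # wildcard, post-change
  both = jar.sent_to("yourdomain.com", "user_credentials")
  sub  = jar.sent_to("sub.yourdomain.com", "user_credentials")
  jar.set("yourdomain.com", "user_credentials", nil, ".yourdomain.com")         # deletes wildcard copy only
  after_wild_delete = jar.sent_to("yourdomain.com", "user_credentials")
  jar.set("yourdomain.com", "user_credentials", nil)                            # deletes host-only copy
  { both: both, sub: sub, after_wild_delete: after_wild_delete,
    after_both_deletes: jar.sent_to("yourdomain.com", "user_credentials") }
end

p stale_cookie_scenario if __FILE__ == $PROGRAM_NAME
```

In Rails, cookies.delete takes the same :domain option as the setter, so the wildcard copy can be targeted explicitly. A cookie scoped to .yourdomain.com is also sent to every subdomain, so every host under that domain has to be trusted with the session.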
The fix is to add this to production.rb:
if config.action_controller.session
  config.action_controller.session[:domain] = '.your-site.com'
else
  config.action_controller.session = { :domain => '.your-site.com' }
end
I still can't get it to work in development with localhost:3000, but whatever